discuss.channel: can access channels (as member or as group allowed) [ "|", "&", ("channel_type", "!=", "channel"), ("is_member", "=", True), "&", ("channel_type", "=", "channel"), "|", "&", ("parent_channel_id", "=", False), "|", ("group_public_id", "=", False), ("group_public_id", "in", user.groups_id.ids), "&", ("parent_channel_id", "!=", False), "|", ("parent_channel_id.group_public_id", "=", False), ("parent_channel_id.group_public_id", "in", user.groups_id.ids), ] discuss.channel: admin full access [(1, '=', 1)] discuss.channel.member: access their own entries [ ('is_self', '=', True), "|", ("channel_id.channel_type", "!=", "channel"), "|", "&", ("channel_id.parent_channel_id", "=", False), "|", ("channel_id.group_public_id", "=", False), ("channel_id.group_public_id", "in", user.groups_id.ids), "&", ("channel_id.parent_channel_id", "!=", False), "|", ("channel_id.parent_channel_id.group_public_id", "=", False), ("channel_id.parent_channel_id.group_public_id", "in", user.groups_id.ids), ] discuss.channel.member: read members of accessible channels [ "|", "&", ("channel_id.channel_type", "!=", "channel"), ("channel_id.is_member", "=", True), "&", ("channel_id.channel_type", "=", "channel"), "|", "&", ("channel_id.parent_channel_id", "=", False), "|", ("channel_id.group_public_id", "=", False), ("channel_id.group_public_id", "in", user.groups_id.ids), "&", ("channel_id.parent_channel_id", "!=", False), "|", ("channel_id.parent_channel_id.group_public_id", "=", False), ("channel_id.parent_channel_id.group_public_id", "in", user.groups_id.ids), ] discuss.channel.member: can join group restricted channels when group is matching [ ('is_self', '=', True), ('channel_id.channel_type', '=', 'channel'), '|', ('channel_id.group_public_id', '=', False), ('channel_id.group_public_id', 'in', user.groups_id.ids) ] discuss.channel.member: internal users can invite others in group restricted channels when group is matching [ ('is_self', '=', False), ('channel_id.channel_type', '=', 'channel'), '|', ('channel_id.group_public_id', '=', False), ('channel_id.group_public_id', 'in', user.groups_id.ids) ] discuss.channel.member: internal users can invite others in channels they are member of [ ('is_self', '=', False), ('channel_id.channel_type', 'not in', ('channel', 'chat')), ('channel_id.is_member', '=', True) ] discuss.channel.member: admin can manipulate all entries [(1, '=', 1)] Discuss.gif.favorite: User access [('create_uid', '=', user.id)] Discuss.gif.favorite: admin full access [(1, '=', 1)] mail.notifications: group_user: write its own entries [('res_partner_id', '=', user.partner_id.id)] mail.message.subtype: portal/public: read public subtypes [('internal', '=', False)] mail.activity: user: write/unlink only (created or assigned) ['|', ('user_id', '=', user.id), ('create_uid', '=', user.id)] Administrators can access all activity plans. [(1, '=', 1)] Administrators can access all activity plan templates. [(1, '=', 1)] Mail Compose Message Rule [('create_uid', '=', user.id)] Employees can only modify templates they have created or been assigned ['|', ('create_uid', '=', user.id), ('user_id', '=', user.id)] Mail Template Editors - Edit All Templates [(1, '=', 1)] res.users.settings.volumes: access their own entries [('user_setting_id.user_id', '=', user.id)] Administrators can access all User Settings volumes. [(1, '=', 1)] Canned response: admin can do all [(1, '=', 1)] Canned response: User read: own or in groups ['|', ('create_uid', '=', user.id), ('group_ids', 'in', user.groups_id.ids)] Canned response: User write/unlink: own only [('create_uid', '=', user.id)] [('create_uid', '=', user.id)]