discuss.channel: can access channels (as member or as group allowed) [ "|", "&", ("channel_type", "!=", "channel"), ("is_member", "=", True), "&", ("channel_type", "=", "channel"), '|', ('group_public_id', '=', False), ('group_public_id', 'in', user.groups_id.ids) ] discuss.channel: admin full access [(1, '=', 1)] discuss.channel.member: access their own entries [ ('is_self', '=', True), "|", ("channel_id.channel_type", "!=", "channel"), "&", ("channel_id.channel_type", "=", "channel"), '|', ('channel_id.group_public_id', '=', False), ('channel_id.group_public_id', 'in', user.groups_id.ids) ] discuss.channel.member: read members of accessible channels [ "|", "&", ("channel_id.channel_type", "!=", "channel"), ("channel_id.is_member", "=", True), "&", ("channel_id.channel_type", "=", "channel"), '|', ('channel_id.group_public_id', '=', False), ('channel_id.group_public_id', 'in', user.groups_id.ids) ] discuss.channel.member: can join group restricted channels when group is matching [ ('is_self', '=', True), ('channel_id.channel_type', '=', 'channel'), '|', ('channel_id.group_public_id', '=', False), ('channel_id.group_public_id', 'in', user.groups_id.ids) ] discuss.channel.member: internal users can invite others in group restricted channels when group is matching [ ('is_self', '=', False), ('channel_id.channel_type', '=', 'channel'), '|', ('channel_id.group_public_id', '=', False), ('channel_id.group_public_id', 'in', user.groups_id.ids) ] discuss.channel.member: internal users can invite others in channels they are member of [ ('is_self', '=', False), ('channel_id.channel_type', 'not in', ('channel', 'chat')), ('channel_id.is_member', '=', True) ] discuss.channel.member: admin can manipulate all entries [(1, '=', 1)] Discuss.gif.favorite: User access [('create_uid', '=', user.id)] Discuss.gif.favorite: admin full access [(1, '=', 1)] mail.notifications: group_user: write its own entries [('res_partner_id', '=', user.partner_id.id)] mail.message.subtype: portal/public: read public subtypes [('internal', '=', False)] mail.activity: user: write/unlink only (created or assigned) ['|', ('user_id', '=', user.id), ('create_uid', '=', user.id)] Administrators can access all activity plans. [(1, '=', 1)] Administrators can access all activity plan templates. [(1, '=', 1)] Mail Compose Message Rule [('create_uid', '=', user.id)] Employees can only change their own templates [('create_uid', '=', user.id)] Mail Template Editors - Edit All Templates [(1, '=', 1)] res.users.settings.volumes: access their own entries [('user_setting_id.user_id', '=', user.id)] Administrators can access all User Settings volumes. [(1, '=', 1)]