Niyu Labs
SupportBook Demo
Toggle navigation
ProductsGoCase StudiesGoDocsGoBlogsGo
SupportBook Demo
Niyu MCP Server

Setup: Niyu MCP Server for Odoo

Native MCP endpoint for Odoo with admin-controlled access, model permissions, CRUD operation presets, audit logs, and support for MCP clients such as ChatGPT, Claude, Cursor, Codex, VS Code, and other compatible tools. The module is designed for teams that want AI tools to work with real Odoo context without exporting CSV files, exposing database credentials, or giving uncontrolled access to every model.

Connect Odoo to ChatGPT, Claude, Cursor, Codex, VS Code, and other MCP clients with a native MCP endpoint, admin-controlled CRUD permissions, app-based access bundles, and audit logs.

What this module does

Niyu Labs MCP Server turns Odoo into a controlled MCP server.

It provides:

- A native Odoo MCP endpoint at `/mcp`
- MCP client connection from ChatGPT, Claude, Cursor, Codex, VS Code, and other MCP-compatible clients
- Optional authentication for MCP requests
- Execution user selection
- Admin-controlled CRUD permission presets
- Access bundles for business apps such as Sales, CRM, Inventory, Purchase, Accounting, Website, Project, Manufacturing, Contacts, Helpdesk, and HR
- Automatic matching of technical Odoo models from selected app bundles
- Manual include and exclude rules for advanced control
- Per-bundle assigned users
- Rate limits, IP allowlist, maximum record limits, response caching, and audit logs

The module does not make AI access unlimited. Every action is controlled by the configuration selected by the Odoo admin.

How access control works

Native MCP settings with execution user and CRUD permission pre-set.
Native MCP settings screen where the admin enables the endpoint, selects the execution user, and chooses the MCP permission pre-set.

Access is controlled in layers.

1. The MCP client connects to the Odoo MCP endpoint.
2. The request runs through the selected MCP execution user.
3. The selected MCP permission preset decides which operations are allowed.
4. Access bundles decide which business areas and models are exposed.
5. Manual include and exclude rules can add or remove specific models.
6. Normal Odoo access rights and record rules still apply.

This means Full CRUD in the MCP settings does not bypass Odoo security. It only allows MCP to attempt create, read, update, and delete operations where the admin configuration and Odoo access rights allow it.

MCP permission presets

The module supports clear permission presets.

Access bundle with CRUD permission pre-set and matching Odoo models.
Access bundle screen where the admin selects the permission preset, assigned users, matching models, and manual include or exclude rules.

### No Access

Use this when a bundle or configuration should start locked.

### Read Only

Allows MCP clients to search, read, and answer questions using permitted Odoo records.

Example: “Show unpaid invoices for this month.”

### Read + Write

Allows read operations and updates to existing permitted records.

Example: “Update this opportunity stage to Qualified.”

### Read + Write + Create

Allows reading, updating, and creating permitted records.

Example: “Create a draft RFQ for this vendor.”

### Full CRUD

Allows create, read, update, and delete operations on permitted models and permitted records.

Use this only for trusted workflows and users.

### Custom

Use this when the admin wants precise control instead of using a preset.

Recommended Set-up flow

Step 1: Install the module

Install the Niyu Labs MCP Server module in your Odoo database.

After installation, open:

Settings → Niyu Labs MCP

Step 2: Enable the native MCP endpoint

Enable the native MCP server.

The endpoint will be shown in the settings screen.

Example endpoint format:

`https://your-odoo-domain.com/mcp`

Copy this endpoint into the MCP client.

Step 3: Choose authentication mode

Choose the authentication option required for your client and deployment.

If bearer token authentication is enabled, generate the token and copy it into the MCP client configuration.

Step 4: Select the MCP execution user

Choose the Odoo user that MCP requests should run as.

This is important because Odoo access rights and record rules still apply through this user.

Step 5: Choose the MCP permission pre-set

Select the allowed operation level.

Recommended starting point:

- Use Read Only for first tests
- Move to Read + Write or Read + Write + Create after validating prompts
- Use Full CRUD only for trusted users and controlled workflows

Step 6: Configure access bundles

Open:

Niyu Labs MCP → Access Bundles

Create or edit bundles for business apps such as:

- Sales
- CRM
- Inventory
- Purchase
- Accounting
- Website
- Project
- Manufacturing
- Contacts
- Helpdesk
- HR

The bundle will automatically match relevant technical models.

Step 7: Assign users

Assign users to the access bundle.

Users should only receive the bundles needed for their work.

Step 8: Review manual overrides

Use manual overrides when needed.

Always Include Models:
Add extra models that should be exposed even if they are not matched by the selected app bundle.

Always Exclude Models:
Remove sensitive or risky models even if they are matched by the selected app bundle.

Step 9: Test with read-only prompts first

Start by asking safe read-only questions from your MCP client.

Examples:

- “Show my top 10 customers by sales.”
- “List open opportunities created this month.”
- “Show products with low stock.”
- “Find unpaid invoices older than 30 days.”

After confirming the setup, test create or update actions if the admin has enabled them.

Example MCP prompts

Use read-only prompts first.

### Read examples

- “Show unpaid invoices over 30 days old.”
- “List my top 10 customers by revenue.”
- “Which products are below reorder level?”
- “Show opportunities created this week.”
- “Find purchase orders waiting for approval.”

### Create examples

Use only when create permission is enabled.

- “Create a draft RFQ for Vendor A for Product X.”
- “Create a CRM lead for Acme Corp.”
- “Create a follow-up activity for this customer.”

### Update examples

Use only when write permission is enabled.

- “Update this opportunity stage to Qualified.”
- “Change the scheduled date on this delivery order.”
- “Update the customer phone number.”

### Delete examples

Use only when delete permission is enabled.

- “Delete this test lead.”
- “Remove this duplicate draft record.”

For production systems, delete access should be limited to trusted users and carefully reviewed.

Security recommendations

Recommended defaults:

- Start with Read Only
- Use the minimum required permission preset
- Use specific execution users instead of a general admin user when possible
- Keep Accounting, HR, and sensitive custom models restricted unless required
- Use manual exclusions for risky models
- Enable audit logging
- Use IP allowlist where practical
- Keep maximum record limits reasonable
- Review audit logs after rollout

For demos, Read + Write + Create is usually enough.

For production, Full CRUD should be enabled only where there is a clear operational need.

FAQ’s

### Does this work only with ChatGPT?

No. It is built for MCP-compatible clients. This can include ChatGPT, Claude, Cursor, Codex, VS Code, and other tools that support MCP connections.

### Can the AI create, update, or delete Odoo records?

Yes, but only when the admin allows it through the MCP permission preset, access bundles, model rules, assigned users, and normal Odoo access rights.

### Does Full CRUD mean AI can access everything?

No. Full CRUD only means the MCP operation preset allows create, read, update, and delete. The request is still limited by selected bundles, selected models, assigned users, the execution user, and Odoo security rules.

### Can I keep some apps read-only and allow CRUD on others?

Yes. Use access bundles with different permission presets.

Example:

- Sales: Read + Write + Create
- Inventory: Read Only
- Accounting: No Access
- CRM: Read + Write

### Do users need to know technical Odoo model names?

No. Admins can select app-based bundles. The module matches technical models automatically. Advanced admins can still use manual include and exclude rules.

### Can I exclude sensitive models from a bundle?

Yes. Use Always Exclude Models to remove models that should not be exposed, even if they are matched by an app bundle.

### Are audit logs available?

Yes. Audit logs are included so admins can review MCP activity and support troubleshooting.

### Should I use an admin user as the execution user?

For quick testing, an admin user may be easier. For production, use the least privileged execution user that can perform the required actions.

### Can this be used for custom Odoo models?

Yes. Custom models can be exposed if they are included through matching logic or manual include rules and the required permissions are allowed.

### Does this replace Odoo access rights?

No. It adds an MCP access layer on top of Odoo. Odoo access rights and record rules still matter.

Feedback and support

For support, include the following information:

- Odoo version
- Hosting type: Odoo Online, Odoo.sh, or On Premise
- Module version
- MCP client used: ChatGPT, Claude, Cursor, Codex, VS Code, or other
- Authentication mode
- Execution user
- Permission preset
- Access bundle name
- Screenshot of the error
- Relevant audit log entry
- Example prompt that caused the issue

Contact: info@niyulabs.com

Setup: Excel Online Connector

Setting up the Odoo Excel Online Connector requires several pieces of information from your Microsoft Azure and OneDrive environment. Below is a guide on how to locate each required value.