Also noteworthy is the special base.group_no_one security group called Extra Rights. In previous Odoo versions, it was used for advanced features hidden by default, and only made visible when the Technical Features flag was activated. Since version 9.0, this has changed, and those features are made visible as long as the Developer Mode is activated.

Access permissions granted by security groups are cumulative only. There is no way to deny an access given by some group. This means that a manually created group to customize permissions should inherit from the closest group with fewer permissions than those intended (if any), and then add all the remaining permissions needed.

Groups also have these additional fields available:

• Menus (the menu_access field): These are the menu items the group has access to
• Views (the view_access field): These are the UI views the group has access to
• Access rights (the model_access field): This is the access it has on models, detailed in the Adding security access to models recipe
• Rules (the rule_groups field): These are the record-level access rules that apply to the group, detailed in the Limiting record access using record rules recipe
• Notes (the comment field): This is a description or comment text for the group