MailDesk docs
Get MailDesk
Basic and Pro

Security & access rights (administrator)

How MailDesk protects your email data inside Odoo: who can see which mailbox, how the two access groups work, what the per-mailbox sharing and AI switches do, and where your data lives. This page is for the Odoo administrator who decides who gets access.

9 min read Basic and Pro

How MailDesk protects your email data inside Odoo: who can see which mailbox, how the two access groups work, what the per-mailbox sharing and AI switches do, and where your data lives. This page is for the Odoo administrator who decides who gets access.

Available in: Basic and Pro. The two access groups, the shared-mailbox model, and the per-mailbox record rules are part of the MailDesk engine (Basic), so they behave the same on both. The per-mailbox AI control described below is Pro only — Basic has no AI.

What it does

MailDesk keeps every mailbox account, its folders, its messages, and its cached message bodies behind Odoo's standard access control. Each mailbox carries an explicit list of the users allowed to see it, and Odoo's record rules enforce that list on the server for every read and write — not just by hiding things in the interface. On top of that, the connection itself avoids storing passwords for Gmail and Outlook by using the providers' sign-in (OAuth) instead.

Why it matters

  • A user only ever sees the mailboxes they have been granted, even a shared team mailbox like support@.
  • Sensitive credentials are minimised: Gmail and Outlook store no password at all, only revocable tokens. Classic IMAP credentials are stored in your own Odoo database, behind Odoo's access controls and the per-mailbox record rules; protect them by serving Odoo over HTTPS and securing the database itself.
  • Your email content stays inside your own Odoo database. MailDesk does not send your mail to any Metzler IT service to operate.

Requirements

  • Administrator access to Odoo, including technical settings.
  • For the connection methods themselves, see the Gmail, Outlook, and IMAP / SMTP setup pages.
  • MailDesk works on Odoo 17, 18, or 19 — the access model below is the same on each.

Permissions required

  • Assigning users to the MailDesk access groups is done in Settings → Users & Companies → Users and requires an Odoo administrator.
  • Creating mailbox accounts and choosing who may access them is a Mailbox Admin task.

The two MailDesk access groups

MailDesk adds exactly two access groups, both under the MailDesk category on a user's Access Rights tab.

User Access Rights tab with the MailDesk role set to Mailbox User in the Other section

Group What it can do
Mailbox User Use the MailDesk app for the mailboxes they have been granted. Can read mailbox accounts and folders, read messages, and manage their own tags and drafts. Cannot create, reconfigure, or delete mailbox accounts.
Mailbox Admin Everything a Mailbox User can do, plus full management: create, edit, and remove mailbox accounts, folders, and all MailDesk records, for every mailbox. Mailbox Admin automatically includes Mailbox User.

Read-only on configuration for regular users

A Mailbox User can read a mailbox account and its folders but cannot change the account configuration or create new accounts. Connecting and configuring mailboxes is deliberately a Mailbox Admin action. (Regular users can still edit their own tags and drafts.)

To assign a group:

  1. Go to Settings → Users & Companies → Users and open the user.
  2. On the Access Rights tab, find the MailDesk category.
  3. Set the user to Mailbox User or Mailbox Admin.
  4. Save.

Who can see a mailbox: the access list and record rules

Being a Mailbox User is not enough on its own — a user also has to be on a specific mailbox's access list. Every mailbox account has a Users with Access field (a list of Odoo users). MailDesk's record rules then restrict everything that belongs to that mailbox to the users on that list:

  • the mailbox account itself,
  • its folders,
  • its messages,
  • the cached message bodies,
  • the read / unread / star / archive state,
  • and that mailbox's drafts.

If a user is not on a mailbox's access list, that mailbox and all of its content are invisible to them — the rule is applied on the server for reads and writes, so it cannot be bypassed from the interface.

Administrators see everything

Members of Mailbox Admin are exempt from the per-mailbox access list — they can see and manage every mailbox. Keep the number of Mailbox Admins small.

Personal mailboxes vs shared mailboxes

A mailbox can be set up two ways:

  • Personal mailbox — one person's account. Add just that user to Users with Access.
  • Shared mailbox — a team address such as support@ or info@. Add every team member to Users with Access so they all work the same inbox.

There is also an Allow Personal Connection switch on the mailbox account form. When it is on, the users you have granted can connect to the mailbox themselves by entering the email and password (useful for shared addresses); a password field appears so the shared credential can be stored. Leave it off for OAuth mailboxes, where no password is stored at all.

  1. Go to MailDesk → Configuration → Mailboxes → Mailbox Accounts and open (or create) the account.
  2. In Users with Access, add the users who should work this mailbox.
  3. For a team address, optionally turn on Allow Personal Connection.
  4. Save.

Expected result: each listed user sees this mailbox in the MailDesk app; everyone else does not.

Per-mailbox AI control (Pro)

Available in: Pro.

When MailDesk Pro is installed, each mailbox has an Enable AI features switch on its Mailbox Account form. It is the per-mailbox part of MailDesk's layered AI permission model:

  1. A global switch that an administrator can use to turn all AI off at once.
  2. A per-feature switch (thread summary, reply draft, and so on).
  3. Enable AI features on the mailbox — off means no AI for that mailbox, full stop.
  4. A configured AI provider with a valid key (or a local server).

All four are checked on the server every time, so the controls cannot be bypassed from the interface. Attachment content is treated separately again: a per-mailbox attachment-analysis setting is off by default and is what allows attachment content to ever be sent to the AI — and even then, only on an explicit user action. This setting is off out of the box and is not surfaced as a switch on the standard Mailbox Account form, so no mailbox ever sends attachment content to the AI unless it is deliberately opted in.

To set the per-mailbox AI control:

  1. Go to MailDesk → Configuration → Mailboxes → Mailbox Accounts and open the account.
  2. Switch Enable AI features on or off for that mailbox.
  3. Save.

What the AI can and cannot see

For the full data-access model — exactly what text is sent, what is never sent, and how to choose a cloud or a local provider — see What MailDesk AI can and cannot access.

Authentication and stored credentials

MailDesk uses the strongest method each provider offers.

Provider Sign-in method Password stored?
Gmail / Google Workspace OAuth 2.0 + Gmail API No — only revocable tokens
Outlook / Microsoft 365 OAuth 2.0 + Microsoft Graph No — only revocable tokens
Classic IMAP Username + password (or app password) Yes, stored in your Odoo database, behind Odoo's access controls

OAuth is the recommended path wherever it is available: faster sync, no stored password, and access you can withdraw at any time from your Google or Microsoft account. Where you do use a classic IMAP password, protect it the same way you protect any Odoo credential: serve Odoo over HTTPS so it is never sent in the clear, and secure the database and the server it runs on.

Revoking access

You can cut off MailDesk's access whenever you want; no provider password change is required.

  • Gmail: remove the mailbox account in MailDesk, then revoke access in your Google Account → Security.
  • Outlook / Microsoft 365: remove the mailbox account in MailDesk, then revoke the app in Microsoft Entra / Azure AD.

To remove MailDesk entirely, remove the mailbox accounts and uninstall the modules — that removes all access.

What MailDesk stores, and what it does not

MailDesk keeps only what it needs to show you your mail quickly:

  • email metadata (sender, subject, date, folder),
  • cached message bodies for fast reading (these expire automatically),
  • OAuth tokens, or — for classic IMAP — the mailbox credentials, kept inside your Odoo database behind Odoo's access controls,
  • folder and synchronisation state.

MailDesk does not:

  • store Gmail or Outlook passwords,
  • send your email content to any Metzler IT service to operate,
  • share email data with third parties,
  • access mailboxes you have not connected and authorised.

Where your data lives (data residency)

All of the above is stored in your own Odoo database, on the server you control. MailDesk operates entirely inside your Odoo environment. The one exception is Pro AI: when you use an AI feature, the relevant email text is sent to the AI provider you configure — and if you choose a local / self-hosted AI server, even that stays on your network. See What MailDesk AI can and cannot access.

Cached message bodies

To keep reading fast, MailDesk caches message bodies and attachment lists for a limited time and expires them automatically with a scheduled background job. The cache obeys the same per-mailbox access rules as the messages themselves, so a cached body is only ever visible to users on that mailbox's access list.

License verification

MailDesk confirms your subscription or one-time licence automatically, in the background, on a connected Odoo instance — there is nothing for you to do day to day. Verification covers MailDesk Basic, MailDesk Pro, and any Workflow Bridge add-ons you have installed.

If a licence is missing or has expired, the licence-protected features show a clear in-app notice that points you to the activation screen; the rest of your Odoo system keeps working normally. For the full activation walkthrough and the legal terms, see Licensing & tiers.

Best practices

Recommended setup for production

  • Grant MailDesk access only to the users who need it; keep Mailbox Admin small.
  • Use OAuth (Gmail, Outlook) instead of passwords wherever possible.
  • Serve Odoo over HTTPS only.
  • Enable two-factor authentication for Odoo users.
  • Keep Odoo and the underlying server up to date, and take regular database backups.

Troubleshooting

Symptom Likely cause What to do
A user cannot see a mailbox they should They are not on that mailbox's Users with Access list Add them to the list on the Mailbox Account
A user cannot create or edit a mailbox account They are a Mailbox User, not a Mailbox Admin Grant Mailbox Admin only if they genuinely need to manage accounts
A user sees a mailbox they should not They have Mailbox Admin, which bypasses the per-mailbox list Move them to Mailbox User and add them only to the mailboxes they need
AI options greyed out for a mailbox Enable AI features is off for that mailbox (Pro) Switch it on, and confirm a provider is configured
MailDesk asks to sign in to Google / Microsoft again The stored authorisation was revoked or expired Re-run the provider sign-in — see OAuth problems