Compliance documentation

Data Access Scope

Last updated: April 2026 · This page is intended for Anthropic connector review and enterprise compliance assessment.

For Anthropic reviewers: This page documents the exact OAuth scope, data access model, tool capabilities, and data flow for the MCP Server for Odoo connector. KSRO Labs does not operate any server in the data path between Claude and the customer's Odoo instance.

1. OAuth scope

The connector requests a single OAuth scope: mcp.

This scope is not granular — it grants access to all MCP tools that the authorized Odoo user's account is permitted to use. There is no separate read-only scope. Access granularity is enforced at the Odoo permission layer, not at the OAuth scope layer.

The OAuth implementation follows the OAuth 2.1 authorization code flow with PKCE, implemented natively within Odoo using Odoo's built-in OAuth server module.

2. Data flow architecture

The MCP Server for Odoo operates as follows:

The customer installs the mcp_server_odoo Odoo module on their own Odoo instance.
The module registers an MCP endpoint at https://[customer-odoo-domain]/mcp.
The customer adds this URL as a custom connector in Claude.ai or Claude Desktop.
When the customer prompts Claude, Claude calls POST /mcp on the customer's Odoo directly.
Odoo processes the MCP request using its own database, enforcing the user's permissions.
Odoo returns the result directly to Claude (Anthropic's infrastructure).

KSRO Labs is not in this data path. No MCP requests, no response data, no Odoo records pass through KSRO Labs servers at any point.

3. Data KSRO Labs collects

The only data that reaches KSRO Labs servers is a one-time license registration on module install:

Odoo database UUID (to uniquely identify the license)
Odoo base URL (to associate license with deployment)
Company name (for license display)
Odoo version (for compatibility tracking)

This data is stored in Supabase and used solely for license validation. It is never sold, shared, or used for any other purpose. No business records are collected.

4. Read tool access table

Tool(s)	Access type	Scope within Odoo
search_records	Read any model	Fields and records visible to the authorized user
get_record	Read any model	Single record by ID, within user's access
list_models	Read model registry	Model names, labels, and descriptions only
describe_model	Read model schema	Field definitions and types — no record data
aggregate_records	Read any model	Aggregated (grouped/summed) data — no raw records returned
pivot / timeseries / cohort / topn / funnel	Read any model	Aggregated analytics — no raw personal data returned
export_dataset	Read any model	Full field export of records within user's access
batch_search	Read any model	Multiple searches in one call — same per-model restrictions apply
analytics_list_dashboards	Read analytics config	Dashboard list and metadata only — no underlying record data
analytics_get_dashboard_data	Read analytics config	Full data payload for a specific dashboard
list_portal_pages	Read portal pages	Pages created by the MCP module only
get_portal_schema	Read portal pages	Content schema and metadata for a specific portal page
get_job_status	Read job queue	Current status of a background job submitted via MCP
get_job_result	Read job queue	Result payload of a completed background job
generate_module_spec	Read / utility	Generates a structured spec object — no Odoo data written

5. Write tool access table

Write access: These tools can create, modify, and delete records in the customer's Odoo. All operations are constrained by the authorizing user's Odoo permissions. To restrict Claude to read-only access, the customer should authorize using an Odoo user with read-only roles.

Tool(s)	Access type	Scope within Odoo
create_record / update_record / delete_record	Write any model	Constrained to models and records the user can create/write/delete
batch_create / batch_update / batch_delete	Write any model	Bulk operations — same per-model write restrictions apply
analytics_create_dashboard / analytics_add_widget	Write analytics config	Creates or modifies dashboards within the user's Odoo account
build_module_zip / install_module_zip	Write Odoo instance	Generates and installs a custom Odoo module — requires admin role
create_portal_page / update_portal_page / delete_portal_page	Write portal pages	Manages publicly accessible portal pages within Odoo
submit_job / cancel_job	Write job queue	Queues or cancels background tasks — no direct record data written

6. Permission enforcement

Every MCP tool call is executed under the authenticated Odoo user's session. Odoo enforces:

Access groups — determines which models the user can read, write, create, or delete
Record rules — domain filters applied per model that restrict which records are visible
Field-level security — restricts read/write access to specific fields on a model
Sudo context — the MCP module does not use Odoo's sudo() context, meaning all operations run with the exact user's access level

7. Token storage

OAuth access and refresh tokens issued after authorization are stored encrypted in the customer's own Odoo database. They are never transmitted to or stored by KSRO Labs. The customer can revoke access at any time via Odoo's OAuth application settings.

8. Supported deployment types

Odoo.com SaaS — supported (HTTPS by default)
Odoo.sh — supported (HTTPS by default)
Self-hosted with public HTTPS — supported
Self-hosted behind corporate firewall/VPN — not supported (Claude cannot reach the endpoint)

9. Contact for compliance questions

For questions about this connector's data access model, security posture, or compliance documentation: [email protected]