Community mailing list archives

RE: Odoo vs SAP for data security

Bassirou Ndaw
- 09/24/2015 15:14:09

SAP is not SAP. While Odoo have one implementation with one DB (PostgreSQL), SAP have many applications with different db, e.g.

·       SAP ECC (this the ERP system)

·       SAP BI,

·       SAP CRM

·       SAP APO

·       SAP Business by design

·       SAP Business One (with MS SQL db) which is for SME's; more at Odoo level

·       and more...


All these SAP applications can run at linux, unix, windows and more....


The big apps (4 first at the list) can have as DB Oracle, MS-SQL, SAP DB, SAP HANA DB, there are at least 14 comptable DB's. So i think, the question is not a comparison between Oracle and PostgreSQL. But the point is: SAP manages to manipulate the DB in a way that you almost have no chance to access it from outside the SAP app. Even for native SQL queries, SAP provides a controlled access to DB from the app. This ORM layer between SAP app and DB is the only point where SAP code is close source. For Odoo, this will not be easy to reach such a security level which is independent from the team skill and the DB used because the whole Odoo code is open source. In regard to that, i agree with you Nhomar, that the security of the Odoo db depends at the end on the deployed skills and how the Odoo implementation team will realize that .


Best regards

Bassirou Ndaw



From: Nhomar Hernández []
Sent: Donnerstag, 24. September 2015 20:44
To: Community <>
Subject: Re: Odoo vs SAP for data security



2015-09-24 12:43 GMT-05:00 Kitti U. <>:


It is about security access to database. SAP claim that, no one can access its database and update any number directly. And even there is rights in database, SAP structure in the way it is very complex to understand. All update will be done through SAP only. (is it true?)


Yes and NO.

You can find a pretty objective comparition between Oracle (db behind SAP) and Postgresql (DB behind ODOO).

In both case with root access to your server you "can " access to database "always" foloowing adminisrtative cases, that's not impossible.


The main point is "how do you configure the access to your Postgres server".

If you configure with "peer authentication" you Postgres server with onñy access from "localhost or the IP where odoo is running" then you will need to access the db:

1.- ROot or odoo user access to the server.

2.- Intranet access.

THis 2 points apply also for Oracle.


In what is the unique point where Oracle is "better" than Postgres.

Oracle on "database level" protect "rows" feature that "SAP" do not use frequently and need even admistrative access or using the SAP framework access to be changed (which is exactly the same case than odoo.

In postgres this job is delegated to "ir rules" to odoo, and technically speaking the level is the same than SAP.

Conclusion: About "security on database" it is almost the same which is "It depend on the deploy skills."

Footer Note: You will be able to delete the "almost" in postgres 9.6 and become it "exaclty the same" [2]




Saludos Cordiales

CEO at Vauxoo Odoo's Gold Partner.


Error! Filename not specified.

Nhomar Hernandez

Error! Filename not

<img border=0 width=88 height=4 id="_x0000_i1025" src="cid:image001.jpg@01D0F70D.F3AAFFD0" alt="Image removed by sender.">


Post to: