How to Obfuscate Odoo Data?

How to Obfuscate Odoo Data: A Guide with Commands and Explanations

Data obfuscation is essential when working with production data for testing, development, or sharing purposes. In Odoo, obfuscation ensures sensitive information is replaced with dummy data while maintaining the database structure. Below is a comprehensive guide to obfuscating Odoo data using commonly used techniques and commands.

Why Obfuscate Odoo Data?

1. Protect Sensitive Information: Safeguard customer details, financial records, and employee data.
2. Compliance: Adhere to data protection regulations like GDPR or HIPAA.
3. Safe Development: Use real-like data in testing environments without exposing sensitive information.

Methods to Obfuscate Odoo Data

1. Using Odoo Shell for Manual Obfuscation

The Odoo shell allows you to execute Python commands directly on your database. This method is suitable for small-scale obfuscation tasks.

Command Example: Obfuscating Customer Emails

bash$ python odoo/odoo.bin shell -d <database_name> -c conf_path

Once in the shell:

from odoo import api, SUPERUSER_ID

env = api.Environment(cr, SUPERUSER_ID, {})
partners = env['res.partner'].search([])
for partner in partners:
    partner.write({
        'email': f"user_{partner.id}@example.com",
        'phone': f"+100000000{partner.id}"
    })
print("Customer data obfuscated!")

Explanation:

• Connects to the Odoo environment.
• Loops through all customers (res.partner).
• Replaces email and phone fields with generic but unique data.

2: Using Obfuscate option to mask the Database

2.1 Run the following command to obfuscate your database:

python odoo/odoo-bin obfuscate --database your_database_name --pwd your_enc_password -c /etc/odoo.conf -p port_number 

Explanation of Command Parameters

• –-database or -d : The name of the database you want to obfuscate.
• –-pwd : A password you set to unobfuscate the database.
• -c : The path to your Odoo configuration file.

When you execute the command, Odoo will prompt you to confirm the obfuscation process by asking you to confirm and enter the name of the database.

Once confirmed, the database will be obfuscated, and the data will appear unreadable.

2.2 Reversing the Obfuscation

To revert the database to its original state, run the same command with the

–unobfuscate flag.

Run the following command:

python odoo/odoo-bin --database your_database_name --pwd your_enc_password -c /etc/odoo.conf -p port_number –unobfuscate

Which Data Does Odoo Obfuscate?

By default, Odoo obfuscates the following tables and fields:

mail_tracking_value (Tracking Values):

• old_value_char, old_value_text, new_value_char, new_value_text

res_partner (Contacts):

• name, complete_name, email, phone, mobile, street, street2, city, zip, vat, website

res_country (Country):

• name

mail_message (Messages):

• subject, email_from, reply_to, body

crm_lead (Lead/Opportunity):

• name, contact_name, partner_name, email_from, phone, mobile, website, description

3. Using a Custom Module for Automated Obfuscation

Creating a custom Odoo module is more efficient for large-scale or repeatable obfuscation tasks.

Example: Custom Module to Obfuscate Data

1. Create a Module:

bash$ python  odoo-bin scaffold data_obfuscator addons/

2. Modify the models.py File:

from odoo import models, api

class DataObfuscator(models.Model):
    _inherit = 'res.partner'

    @api.model
    def obfuscate_data(self):
        partners = self.search([])
        for partner in partners:
            partner.write({
                'name': f"Customer {partner.id}",
                'email': f"user_{partner.id}@example.com",
                'phone': f"+100000000{partner.id}",
            })
        return "Data obfuscation complete!"

3. Add a Menu or Button for Triggering Obfuscation: In views/data_obfuscator_views.xml:

<odoo>
    <record id="action_obfuscate_data" model="ir.actions.server">
        <field name="name">Obfuscate Data</field>
        <field name="model_id" ref="base.model_res_partner"/>
        <field name="code">model.obfuscate_data()</field>
    </record>
</odoo>

4. Install the Module and Trigger Obfuscation: Navigate to your Odoo backend, go to the “Actions” menu, and execute “Obfuscate Data.”

Explanation:

• The custom module can be reused and extended for different models.
• Obfuscation logic is centralized and can be automated.

4. Using Third-Party Odoo Modules

Some community modules, like Anonymizer or Data Obfuscator, are available to streamline the process.

Steps:

1. Install a module like odoo-anonymizer from the Odoo Apps Store.
2. Configure the fields to anonymize in the settings.
3. Execute the anonymization process.

Advantages:

• No coding is required.
• It often includes pre-configured templates for common models.

Best Practices

1. Test Before Applying: Always test obfuscation scripts in a staging environment.
2. Backup Data: Ensure you have a reliable backup before performing obfuscation.
3. Exclude Critical Fields: Avoid obfuscating fields required for functionality (e.g., unique identifiers).

Important

• The obfuscation method is not a fully secure solution for transferring highly sensitive data to third parties.
• For cases involving highly sensitive data, implement additional security measures to enhance protection.

Conclusion

Obfuscating Odoo data is crucial for protecting sensitive information while maintaining a functional dataset for testing and development. Whether you choose to use the Odoo shell, create a custom module, manipulate the database directly, or use a third-party tool, ensure that the obfuscation process aligns with your organizational requirements and data privacy regulations.