Neutralising an Odoo database

Odoo Documentation

https://www.odoo.com/documentation/18.0/administration/on_premise.html

Duplicate a database

Duplicate a database by accessing the database manager on your server (<odoo-server>/web/database/manager). Typically, you want to duplicate your production database into a neutralized testing database. It can be done by checking the neutralize box when prompted, which executes all neutralize.sql scripts for every installed module.


Purpose

This procedure explains how to neutralise a duplicate or cloned on-premise Odoo database to safely test with real data without affecting production systems or external services.

Preconditions

  • The database must be a duplicate or cloned copy of the production database.
  • Admin access to the Odoo database and its system parameters.
  • Developer mode enabled.

Steps

1. Disable Outgoing Email

Option A – Disable Mail Servers

  1. Go to Settings → Technical → Email → Outgoing Mail Servers.
  2. Open each mail server.
  3. Untick Enabled.
  4. Save changes.

Option B – Use System Parameters

  1. Go to Settings → Technical → System Parameters.
  2. Create or update the following parameters:
     mail.catchall.domain = False
     mail.catchall.alias = False
     ir.mail_server.smtp_server = 127.0.0.1

This ensures all outgoing emails are blocked.

2. Disable IAP (In-App Purchases)

  1. Navigate to Settings → General Settings → IAP.
  2. Remove or blank out the IAP Account Token and any API keys.
  3. Save changes.

Optional – System Parameters

iap.account.token = False
iap.disabled = True

3. Disable API Keys and External Integrations

  1. Go to Settings → Users & Companies → API Keys and archive or delete all API keys.
  2. Go to Settings → Technical → Automation → Automation Rules and archive all webhooks.
  3. Go to Invoicing → Configuration → Payment Providers and disable all providers.

4. Disable Scheduled Actions That Contact External Systems

  1. Navigate to Settings → Technical → Automation → Scheduled Actions.
  2. Identify actions that:
    • Send emails
    • Sync with external APIs
    • Call webhooks
    • Perform IAP operations
  3. Set Active = False for each relevant action.

5. Mark the Database as Neutralised

  1. Navigate to Settings → Technical → System Parameters.
  2. Add the following parameter:
     database.neutralized = True

6. Remove Production Credentials

  • Disable or remove credentials for:
    • SMS gateways (Settings → Technical → SMS → SMS Accounts)
    • Shipping providers (DHL, UPS, Australia Post)
    • Accounting localizations and bank syncs
    • Online payment authorisations

7. Add a Warning Banner

  1. Activate Developer Mode.
  2. Go to Settings → Technical → User Interface → Views.
  3. Search for web.webclient_bootstrap.
  4. Duplicate the view for the test database.
  5. Insert the following HTML inside the <body> tag:
     <div style="background-color:#b10000; color:white; padding:8px; text-align:center; font-weight:bold;">
     THIS IS A NEUTRALISED TEST DATABASE — NO REAL TRANSACTIONS WILL OCCUR
     </div>

8. Restrict User Access

  1. Navigate to Settings → Users.
  2. Select operational staff accounts.
  3. Click Action → Archive, or remove all access rights, for every account except testers.

9. Validate Neutralisation

  • Attempt to send an email — it should fail or stay in the queue.
  • Attempt to perform an IAP purchase — it should block.
  • Verify API calls and webhooks — no external services should be triggered.
  • Verify scheduled actions — nothing should affect production or external systems.
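
The manual checks above can be backed by an audit of records exported from the copy. The following Python script is an added example, not part of the Odoo documentation or of this procedure; it checks the settings from steps 1 to 5 and returns a list of findings. The snapshot layout (`params`, `mail_servers`, `crons`, `payment_providers`), the `active` and `state` fields in it, and the sample records are assumptions constructed for the example.

```python
# Added example, not Odoo code. Parameter keys and values are the ones this
# page's steps set; the snapshot layout is an assumption of this example.
MAIL_OPTION_B = {"mail.catchall.domain": "False", "mail.catchall.alias": "False",
                 "ir.mail_server.smtp_server": "127.0.0.1"}            # step 1, option B
IAP_OPTIONAL = {"iap.account.token": "False", "iap.disabled": "True"}  # step 2
MARKER = {"database.neutralized": "True"}                              # step 5

def mismatches(params, expected, require=True):
    """Keys whose stored text differs from the expected value."""
    out = []
    for key, want in expected.items():
        got = params.get(key)
        if got is None:
            if require:
                out.append(f"{key} is missing")
        elif str(got).strip() != want:
            out.append(f"{key} is {got!r}, expected {want!r}")
    return out

def audit_neutralisation(snap):
    """Return findings for a snapshot; an empty list means all checks passed."""
    params = snap.get("params", {})
    findings = mismatches(params, MARKER)
    findings += mismatches(params, IAP_OPTIONAL, require=False)
    # Step 1 passes with option A (no active server) or option B (parameters).
    live = [s["name"] for s in snap.get("mail_servers", []) if s.get("active", True)]
    bad_b = mismatches(params, MAIL_OPTION_B)
    if live and bad_b:
        findings.append(f"mail can still leave via {live}; option B gaps: {bad_b}")
    # Step 4: 'crons' holds only the actions identified as contacting external systems.
    findings += [f"scheduled action {c['name']!r} is still active"
                 for c in snap.get("crons", []) if c.get("active", True)]
    # Step 3: every payment provider must be disabled.
    findings += [f"payment provider {p['name']!r} is {p.get('state')!r}"
                 for p in snap.get("payment_providers", []) if p.get("state") != "disabled"]
    return findings

# Constructed sample: marker set and mail blocked, but IAP, a cron and a provider left live.
SAMPLE = {
    "params": {"database.neutralized": "True", "iap.disabled": "False"},
    "mail_servers": [{"name": "smtp-prod", "active": False}],
    "crons": [{"name": "Sync carrier rates", "active": True},
              {"name": "Send digest", "active": False}],
    "payment_providers": [{"name": "Stripe", "state": "test"},
                          {"name": "Wire Transfer", "state": "disabled"}],
}
if __name__ == "__main__":
    for line in audit_neutralisation(SAMPLE):
        print("FINDING:", line)
```

A record with no `active` flag is treated as active, so an incomplete export produces a finding rather than a false pass.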

Notes

  • Neutralisation on-premise is permanent and cannot be automatically reversed.
  • Always keep the production database separate and do not perform tests on it.
  • This procedure mirrors the neutralisation behaviour of Odoo SaaS databases.