Mail.channel: access only public and joined groups ['|', '|', ('public', '=', 'public'), '&', ('public', '=', 'private'), ('channel_partner_ids', 'in', [user.partner_id.id]), '&', ('public', '=', 'groups'), ('group_public_id', 'in', [g.id for g in user.groups_id])] mail.channel.partner: write its own entries ['|', '|', ('channel_id.public', '=', 'public'), '&', ('channel_id.public', '=', 'private'), ('channel_id.channel_partner_ids', 'in', [user.partner_id.id]), '&', ('channel_id.public', '=', 'groups'), ('channel_id.group_public_id', 'in', [g.id for g in user.groups_id])] mail.notifications: group_user: write its own entries [('res_partner_id', '=', user.partner_id.id)] mail.message.subtype: portal/public: read public subtypes [('internal', '=', False)] mail.activity: user: write/unlink only (created or assigned) ['|', ('user_id', '=', user.id), ('create_uid', '=', user.id)] White/Black List: moderators: moderated channels only [('channel_id.moderator_ids', 'in', user.id)] Mail Compose Message Rule [('create_uid', '=', user.id)]