Mail.channel: access only public and joined groups ['|', '|', ('public', '=', 'public'), '&', ('public', '=', 'private'), ('channel_partner_ids', 'in', [user.partner_id.id]), '&', ('public', '=', 'groups'), ('group_public_id', 'in', [g.id for g in user.groups_id])] mail.followers: write its own entries [('partner_id', '=', user.partner_id.id)] mail.notifications: group_user: write its own entries [('res_partner_id', '=', user.partner_id.id)] mail.message.subtype: portal/public: read public subtypes [('internal', '=', False)] mail.activity: user: own only [('user_id', '=', user.id)]