I need a clean, upgrade-safe security module that fine-tunes access to the Projects app. The goal is to separate three roles—Followers, Task Assignees and Managers—without introducing any extra permission tiers. For Followers the requirement is read-only visibility of the project itself and of the tasks they are explicitly invited to follow. They must never see the Edit button, nor be able to change a field anywhere in the form or kanban view. Task Assignees need just enough freedom to move a task through its stages, leave internal notes or messages in the chatter, and mark it done. They must still be blocked from altering the task name, description, deadlines, tags, project, parent, or any other metadata. Managers will have broader coverage across all projects but not blanket “god mode”. They can browse every project and task, adjust stages, and collaborate in the chatter, yet destructive actions such as deleting projects, removing tasks or changing high-level project configuration will remain off-limits. We can finalise the exact boundary together once the two main roles are in place. Deliverables: • A small, independent Odoo module (preferably Python + XML record rules rather than Studio tweaks) that creates the three security groups, access rights and record rules described above. • Installation and smoke-test documentation so I can replicate the setup on staging and production. • Short verification session in which we log in under each role and confirm the behaviour. I am on the latest Odoo Enterprise release and can grant you an empty staging database to work against. If you have already built granular ACLs or mail access rules for Projects, please mention it in your proposal and include any relevant repository links or screenshots.