We want to add another group of users who have access to Odoo but can't access basic modules like Contacts/Discussion/Employees. We don't want to just make the modules invisible - even if they somehow get the correct path to the contacts module they shouldn't be allowed to see anything and get a warning window.

We started to manually copy the internal user group with stripped down menus, access rights and record rules but unfortunately, when we log in with a test user, we only see the website view, not the regular Odoo starting view with the module icons.

What is the best practice to add another internal group with stripped down rights? Any thoughts on this?