diff --git a/odex25_dms/dms/models/dms_security_mixin.py b/odex25_dms/dms/models/dms_security_mixin.py
index 1e0d46f88..d308f096f 100644
--- a/odex25_dms/dms/models/dms_security_mixin.py
+++ b/odex25_dms/dms/models/dms_security_mixin.py
@@ -66,7 +66,7 @@ class DmsSecurityMixin(models.AbstractModel):
         ⚠ Not very performant; only display field on form views.
         """
         # Superuser unrestricted 🦸
-        if self.env.su:
+        if self.env.su or self.env.user.has_group('base.group_system'):
             self.update(
                 {
                     "permission_create": True,
@@ -94,7 +94,7 @@ class DmsSecurityMixin(models.AbstractModel):
     @api.model
     def _get_domain_by_inheritance(self, operation):
         """Get domain for inherited accessible records."""
-        if self.env.su:
+        if self.env.su or self.env.user.has_group('base.group_system'):
             return []
         inherited_access_field = "storage_id_inherit_access_from_parent_record"
         if self._name != "dms.directory":
@@ -188,13 +188,13 @@ class DmsSecurityMixin(models.AbstractModel):
         _self = self
         # HACK ir.rule domain is always computed with sudo, so if this check is
         # true, we can assume safely that you're checking permissions
-        if self.env.su and value == self.env.uid:
+        if self.env.su or self.env.user.has_group('base.group_system') and value == self.env.uid:
             _self = self.sudo(False)
             value = bool(value)
         # Tricky one, to know if you want to search
         # positive or negative access
         positive = (operator not in NEGATIVE_TERM_OPERATORS) == bool(value)
-        if _self.env.su:
+        if _self.env.su or self.env.user.has_group('base.group_system'):
             # You're SUPERUSER_ID
             return TRUE_DOMAIN if positive else FALSE_DOMAIN
         # Obtain and combine domains