What's the difference between staff, admin, superuser in django?

Question

Django has superuser, staff, admin…

superuser and staff are in django.contib.auth.models.UserManager. Then there is the createsuperuser command of django-admin.

Well, there are admin apps… What's the difference?

Answer 1

In Django, a superuser is a special type of user that has all permissions and can perform any action on the website. Superusers are usually created during the installation of a Django project, and they can be managed using the Django admin interface or command-line tools. Superusers have the ability to manage all aspects of the website, including creating and managing other users, modifying site settings, and performing administrative tasks.

On the other hand, an admin member is a user with administrative privileges that are specific to a particular application or part of an application. In Django, an admin member is typically a user with permissions to manage a specific app or a specific set of resources within an app. For example, an admin member for a blog application might have permissions to create, edit, and delete blog posts, but not have access to the site settings or other administrative tasks.

Overall, the key difference between a superuser and an admin member in Django is the level of access and control they have over the website:

• superusers have complete control and can perform any action on the site

• admin members are typically limited to a specific set of permissions and actions within a particular app or section of the site

Answer 2

Django only has one user type. Its simply User. Depending on what permissions you give the user they are able to do different things by default:

1. Any normal user can be authenticated (that's the whole point of the user, to have a login).
2. Any user assigned the staff flag, can login to the contributed admin app. Beyond this, they have no other special privileges.
3. They can be set as active or not. Only active users are allowed to login.

A superuser is just a convenience method to create a user with all permissions. They are just normal users given staff and all permissions by default.

There is also ADMINS and MANAGERS settings.

These are used for notifications, when the site is running in production (ie, when DEBUG is False).

Admins are notified of any errors that generate a traceback. They are emailed the traceback and information about the request. Managers are emailed when someone requests a link that doesn't exist (basically, when a 404 is raised).

Answer 3

I take this from Django Documentation:

One of the most powerful parts of Django is the automatic admin interface. Best thing is that you can customise it easily.

If logged in as a superuser, you have access to create, edit, and delete any object (models).

You can create staff user using staff flag. The “staff” flag controls whether the user is allowed to log in to the admin interface (i.e., whether that user is considered a “staff member” in your organization). Since this same user system can be used to control access to public (i.e., non-admin) sites, this flag differentiates between public users and administrators.

“Normal” admin users – that is, active, non-superuser staff members – are granted admin access through assigned permissions. Each object editable through the admin interface has three permissions: a create permission, an edit permission and a delete permission for all the models you had created.

Django’s admin site uses a permissions system that you can use to give specific users access only to the portions of the interface that they need. When you create a user, that user has no permissions, and it’s up to you to give the user specific permission

Answer 4

A superuser automatically has all permissions (has_perm will return True).

A staff member can login to the admin pages.

The admin pages are a simple interface to the models that you've configured to show up in it. It only shows the models that the current user has the right permissions for.

So if someone is both superuser and staff, they can login to the admin site and have full access to all the models that show up in the admin site.