Django Admin - Giving staff members access to certain areas by default

Question

Could anyone tell me how to give staff users in django (those with is_staff set to true) access to some models by default in the admin interface? Currently if I log in as a staff member I just get "You don't have permission to edit anything". If I log in as a super user I get access to several things (those registered in admin.py).

I'd like to basically treat staff members as a group and allow them to edit a selection of models, or to set some permissions as defaults. I have searched around the documentation to no avail.

score 5 · Answer 1 · answered Apr 16 '18 at 10:17

5

To do this, create a group in Groups in the django admin.

You can add model permissions according to the models you would wish the staff or users to have access to.

Once that is done, add your your users to that group. You do that by selecting the user of interest and adding them to the created groups.

Once this is done, that user will have access to all those models the Group has permissions on.

answered Apr 16 '18 at 10:17

unlockme

3,897
3
28
42

I can't see my custom models' pemission list on screen until I install this https://pypi.org/project/django-admin-view-permission/ – rongdong.bai May 12 '21 at 09:57

score 5 · Accepted Answer · answered Jan 17 '12 at 19:08

5

You can create a group and make new staff users members in it. Not giving permissions by default is a security feature.

answered Jan 17 '12 at 19:08

dan-klasson

13,734
14
63
101

1

I see. Thanks. I think it would be nice if there was a way to create default permissions. There would still be no permissions by default, but I would be able to set a base set of permissions which all staff users would get. It would also be nice if there was a way to add multiple users to a group at the same time, unless I'm missing something. – hajamie Jan 18 '12 at 10:23
You could create a trigger on the user table or override the model_save() method on the User Model. That way you can make new users a part of the group automatically. You could also create an admin action in User's Admin class that makes selected users members of the group. – dan-klasson Jan 18 '12 at 13:32

score 2 · Answer 3 · answered Jun 01 '12 at 19:46

Have you written a custom authentication backend? I had written one to use LDAP to interface with an existing authentication system and was having the same issue as you with "staff" users not having perms to any of the models. Super users were fine, just staff problematic.

I fixed this by superclassing ModelBackend in my custom auth class:

## in my custom auth.py
from django.contrib.auth.backends import ModelBackend

class ActiveDirectoryBackend(ModelBackend):

The ModelBackend class has functions that are required for figuring out group and user level permissions.

This fixed users marked as "staff" from not being able to access models and allowed me to control access to different models via groups and permissions.

score 0 · Answer 4 · answered Jan 01 '23 at 17:24

You can group staff members to give them permissions.

First, check Active and Staff status then click on ➕ to create a group as shown below. *Both Active and Staff status must be checked otherwise the user cannot log in Django Admin: