The main problem with not restricting permission is that it can lead to users being able to do things they shouldn’t be able to do. For example, if a user has permission to edit a post, they might be able to delete it too.
I have a problem with Django. I am using Django 1.8 and Python 3.4. I have created a superuser and staff user in my project, but the staff user is not restricting permission in django admin panel. I want to restrict the staff user from accessing some of the models in django admin panel, but it is not working for me, please help me out with this issue. A: You should add <code>is_staff = True</code> to your User model: https://docs.djangoproject.com/en/1.8/ref/contrib/admin/#django-contrib-admin-models-logentry <blockquote> <p>The LogEntry model has two required fields:</p> <ul> <li><strong><code><code>user</code></code></strong>: The User that performed the action.</li> <li><strong><code><code>action_time</code></code></strong>: The timestamp of the action.</li> </ul> <p>[...]</p> <p>[...] If you want to log actions performed by non-staff users, you’ll need to set <a href="https://docs.djangoproject.com/en/1.8/_modules/django/contrib/auth/#User" rel="nofollow noreferrer"><strong><em><a href="https://docs.djangoproject.com/en/1.8/_modules/" rel="nofollow noreferrer">User.<strong></strong>.is_staff</a></em></strong></a>] to True.</p> </blockquote>
Permissions in Django
Permissions in Django are a way to control who can do what with your app. They are defined in the permissions.py file and can be set on a per-user or per-app basis.
Permissions can be set on a permission level, which is either read or write. A permission level can also be set to allow all users, only users in a certain role, or only users with certain permissions.
You can also use the DJANGO_SETTINGS_MODULE environment variable to set permissions for all requests made by your app.