Chapter 3: Django Admin – Include Member

Django Admin – Include Member: How to add / include / manage “Members” (team members, staff users, content editors, moderators) in the Django admin.

In almost every project that goes beyond a personal hobby app, you will need multiple people to log in to the admin:

• You (full superuser)
• Content writer → can only add/edit polls/questions
• Moderator → can delete bad choices or mark questions inactive
• Support person → can see user-submitted data (if you add users later)
• Analytics person → read-only access to vote counts

Today we are going to do this very slowly, practically, and completely — like I’m sitting next to you in Kondapur, sharing the screen, and we’re setting up a real team backend together.

We’ll cover:

• Creating staff users
• Using Groups (recommended way)
• Assigning permissions (fine-grained or app-wide)
• Testing what each user can/can’t do
• Best practices so you don’t give accidental full access

Let’s go step by step.

Step 1 – Make Sure You Are Logged In as Superuser

Open http://127.0.0.1:8000/admin/ Login with your superuser account (the one you created with createsuperuser).

If you haven’t created one yet:

Username: webliance Email: whatever Password: strong one

Step 2 – Understand the Two Main Sections for Users & Permissions

In admin dashboard look under Authentication and Authorization:

• Groups → collections of permissions (recommended way)
• Users → individual people

Golden rule 2026: Almost never give permissions directly to users → Always create Groups → assign groups to users This way when a new person joins/leaves, you just add/remove them from groups.

Step 3 – Create Useful Groups (Realistic for Your Polls App)

Go to admin home → click Groups → ADD GROUP

Create these 3 groups one by one:

Group 1: “Poll Editors” (can add/edit/delete polls)

• Name: Poll Editors
• Scroll to Available permissions
• Filter/search: polls
• Select all permissions that start with polls | question and polls | choice:
  • Can add question
  • Can change question
  • Can delete question
  • Can view question
  • Same for Choice
• Click the right arrow → move them to Chosen permissions
• Save

Group 2: “Poll Viewers” (read-only on polls)

• Name: Poll Viewers
• Add only view permissions:
  • Can view question
  • Can view choice
• Save

Group 3: “Support Team” (example – view users + polls)

• Name: Support Team
• Add:
  • auth | user | Can view user
  • polls | question | Can view question
  • polls | choice | Can view choice
• Save

Step 4 – Create Team Members (Staff Users)

Now go to Users → ADD USER

Create 3 example team members:

User 1: Content Editor

• Username: editor-rani
• Password: strong one
• Email: rani@yourcompany.com
• Save and continue editing

On the next screen:

• Check Staff status (very important — without this → no admin access at all)
• Do NOT check Superuser status
• Scroll to Groups → add Poll Editors to Chosen groups
• Save

User 2: Viewer / Analyst

• Username: viewer-sameer
• Password: …
• Staff status: Yes
• Groups: Poll Viewers
• Save

User 3: Support

• Username: support-priya
• Staff status: Yes
• Groups: Support Team
• Save

Step 5 – Test Each User (Very Important – Do This Now)

Important: Open incognito / private browsing window for each test (so superuser session doesn’t interfere).

1. As editor-rani

   Login → http://127.0.0.1:8000/admin/

   What you should see:

   • Polls section → Questions + Choices
   • Can add new question → see inline choices
   • Can edit/delete questions & choices
   • Cannot see Users or Groups section
   • Cannot change other settings

2. As viewer-sameer

   Login → sees Polls section → Can only view questions & choices → No Add / Change / Delete buttons

3. As support-priya

   Sees Users list (can view user details) + Polls (view only)

4. As yourself (superuser)

   Sees everything — full control

Step 6 – Quick Security & Team Management Tips (Real-World 2026)

• Never give is_superuser=True to anyone except 1–2 trusted people
• Use Groups — never assign individual permissions to 10+ users
• When someone leaves → just remove them from all groups or set is_active=False
• For extra safety → enable 2FA in production (package: django-two-factor-auth)
• Regularly audit: Admin → Users → filter by is_staff=True → check who has access
• Hide sensitive models from staff → override has_module_permission in ModelAdmin (advanced)

Step 7 – Bonus: Make Admin Titles Team-Friendly

In mysite/admin.py (create file if missing):

→ Looks more professional when your team logs in.

Your Quick Task Right Now (Do This – It Will Stick)

1. Create the 3 groups as shown (Poll Editors, Poll Viewers, Support Team)
2. Create 2–3 staff users and assign them to groups
3. Open incognito windows and login as each user → see what they can/can’t do
4. As superuser → add one more question → see it appear when logged in as editor

Tell me what you want next:

• “Done! Now show me how to give read-only access on specific fields”
• “How to add custom user profile fields (phone, photo) in admin?”
• “I want object-level permissions (user can edit only their own polls)”
• “Got permission denied error – here’s what happened”
• Or finally ready for: “Let’s build the full voting feature – form + POST + atomic vote increment + results page”

You now know how to safely include team members in your Django admin — this is a huge step toward building something real teams can use.

You’re doing fantastic — keep going! 🚀🇮🇳