Chapter 2: Django Admin – Create User

Django Admin – Create User: How to create, manage, and understand users in the Django admin interface.

Many beginners think “creating a user = just createsuperuser command” — but that’s only the beginning. In real projects you will almost always need:

  • normal staff users (content editors, moderators, support team)
  • users with limited permissions (can only edit certain models)
  • sometimes even regular users visible/editable in admin

Today we’ll go very slowly and practically — step by step — like I’m sitting next to you and we’re doing it together on your laptop.

Step 1 – Quick Reminder: Three Types of Users in Django

| Type | Command used to create | is_superuser | is_staff | Permissions | Typical use case |
|---|---|---|---|---|---|
| Superuser | createsuperuser | True | True | All access | You (developer), CTO, early team |
| Staff user | Created in admin | False | True | Only what you assign | Content writers, moderators, ops team |
| Regular user | Created via registration form or admin | False | False | Usually none in admin | End customers (if you allow admin visibility) |

Step 2 – Create Your First Superuser (If Not Done Yet)

You probably already did this, but let’s confirm: run the createsuperuser management command and answer its prompts.

→ This user can do everything in admin.

Step 3 – See All Users in Admin (Already There!)

Go to: http://127.0.0.1:8000/admin/

Log in with your superuser.

Look under the Authentication and Authorization section:

  • Groups
  • Users

Click Users → you should see at least your superuser account.

Step 4 – Create a New Staff User via Admin (Most Common Way)

  1. In admin → click Users → click ADD USER (top right)

  2. Fill the form:

    • Username: editor1
    • Password: choose a strong one
    • Password confirmation: same
    • (Email optional but recommended)

    Click Save and continue editing

  3. Now on the change page:

    • Check Staff status → is_staff = True (this gives access to admin)
    • Do NOT check Superuser status (unless you want full power)
    • Scroll down to Permissions

    Two ways to give permissions:

    Option A – Simple: Give full access to specific apps

    • Under Available user permissions → search for polls | question | Can add question, etc.
    • Select what you want (e.g. Can add/change/delete Question and Choice)
    • Click the arrow → move to Chosen user permissions
    • Save

    Option B – Better: Use Groups (recommended for teams)

    • Go back to admin home → click Groups → ADD GROUP
    • Name: Content Editors
    • Under Available permissions → add all polls related ones (add/change/delete Question & Choice)
    • Save group
    • Back to user → edit editor1
    • In Groups section → add Content Editors to Chosen groups
    • Save

    → Now editor1 can log in to admin and manage polls — but cannot see users, change settings, etc.

Step 5 – Login as the New Staff User

  1. Open a new incognito/private browser window (important — to avoid reusing the superuser session)

  2. Go to /admin/

  3. Log in with:

    • Username: editor1
    • Password: whatever you set
  4. What you should see:

    • Only Polls section (Questions + Choices)
    • No Authentication and Authorization (Users, Groups)
    • No Sites, no Advanced stuff

    → Perfect! Limited access.

Step 6 – Test Limited Permissions (Very Important)

Create one more user: viewer1

  • Do not give any permissions or groups
  • Only check Staff status (so they can log in to admin)
  • Save

Log in as viewer1 → they see:

  • Admin header
  • But no apps visible → only “You don’t have permission to view any apps”

→ This is correct behavior — staff but no permissions = empty dashboard.

Step 7 – Real-World Patterns You’ll Use (2026 Style)

  1. Content team: Group Content Editors → only add/change Question & Choice
  2. Support team: Group Support → read-only on Users + Polls (view only)
  3. Analytics person: Custom group → only see vote counts (read-only on Choice)
  4. Super restricted user: is_staff=True + no groups → can log in but sees almost nothing (useful for audit logs)
  5. Hide sensitive models: In admin.py → override has_module_permission or use third-party packages like django-guardian

Step 8 – Quick Security & Best Practices

  • Never give is_superuser=True to anyone except 1–2 trusted developers
  • Always use groups for permissions — never assign individual perms to many users
  • Enable two-factor authentication in production (packages like django-two-factor-auth)
  • Use strong password policy (in settings.py → AUTH_PASSWORD_VALIDATORS)
  • Regularly review users & groups (especially after team changes)

Your Quick Task Right Now

  1. Create two new users in admin:
    • editor-hyderabad → give full polls permissions (via group or direct)
    • viewer-only → only is_staff=True, no permissions
  2. Log in in incognito as both → see the difference
  3. As editor-hyderabad → create 2 new questions + choices
  4. As superuser → see them appear

Tell me what you want next:

  • “Done! Now show me how to give read-only access or custom permissions”
  • “How to add custom user fields (phone, profile pic) to admin?”
  • “I want to use groups + object-level permissions (django-guardian)”
  • “Got error when assigning permissions – here’s message”
  • Or finally ready for: “Let’s implement voting – form, POST, vote increment with F()”

You now know how to create and manage users in Django admin like a pro — this is a huge step toward building real, team-usable applications.

You’re doing amazing — let’s keep going! 🚀🇮🇳
