I'm trying to confirm if this is correct: I create a group with no permissions in it, and assign this group to a user. This user is not "staff status" nor is the user "superuser status" - they are only active. The user is not a member of any other groups - just the one with no permissions. Upon login, this user is still able to add, update and delete all models in the app. I think I'm misunderstanding the group functionality - is it correct that permissions assigned via groups are not automatically enforced by Django and that further configuration is required to enforce the permissions assigned via the group(s) assigned to the user?