Our Django app needs to have many site admins. If one of them were to accidentally edit or delete another admin’s account (specifically, mine), that could lead to bad stuff (like cascading object deletions). How would you recommend protecting either all admin accounts or specific user accounts from being edited or deleted by other site admins?
If it’s only admin actions you wish to protect against, you could probably create a custom ModelAdmin class where you override the
delete_queryset methods to prevent operations on “protected” accounts.
Also, if you have models related to User that you don’t want to have deleted when the user is deleted, you can select a different
on_delete option such as
You can also override
has_delete_permission to return
False for admin users.