Our Django app needs to have many site admins. If one of them were to accidentally edit or delete another admin’s account (specifically, mine), that could lead to bad stuff (like cascading object deletions). How would you recommend protecting either all admin accounts or specific user accounts from being edited or deleted by other site admins?
If it’s only admin actions you wish to protect against, you could probably create a custom ModelAdmin class where you override the save_model, delete_model, and delete_queryset methods to prevent operations on “protected” accounts.
Also, if you have models related to User that you don’t want to have deleted when the user is deleted, you can select a different on_delete option such as models.PROTECT or models.SET_DEFAULT.
You can also override has_change_permission and has_delete_permission to return False for admin users.