Restrict super admins from resetting passwords of other users.

Is there a way in which super admins can be prevented from resetting the passwords of other super admins.

As an example, let’s say you create 2 super users using python manage.py createsuperuser. They would be listed in the Users section of django admin. Each of them can reset the password for the other. What I would like is the logged in super user should be able to reset only his password and not anyone elses.

Is this possible ?

No, nor do you want to do that. (What do you do if the super-user forgets their password? Or becomes suddenly unavailable and you need to take action under their account? Or any number of reasons…)
Even preventing access to that direct link doesn’t really prevent anything, as a super admin could change the other admin’s email address in their account and go through the reset password sequence with the emails going to an address under their control.
There’s a reason why you want to have the smallest number of super-admins possible…

2 Likes