User model and administrators in SaaS

Hello everyone, I’m undecided regarding how I should approach user management, so I thought I’d check if anyone with more experience can recommend a best practice.

I’m making a SaaS and I determined there can be 3 types of users accessing it:

  1. Regular users, who will have different permissions so they are allowed to perform specific operations or not. These are people within the customer company.
  2. Admin users, who will be able to configure the software, which means managing regular users, creating custom fields, etc. These are also people within the customer company.
  3. Service user(s), who will have full access to the software, to provide support. In practice, this is me.

I don’t want Admin users to access Django’s Admin app. There will be UI within my app to perform their tasks. But it’d be nice to have it for Service users, for maintenance.

I could do this in many different ways:

  • Use the standard User model, where Admin is a permission and Service is is_staff
  • Use the standard User model, where Admin is is_staff (but AFAIK this would give access to the Admin app, which I don’t want) and Service is is_superuser
  • Use the standard User model, where Service is is_staff and Admin is the is_admin field in a separate model with a one-to-one link
  • Use a custom User model, where Service is is_staff and Admin is the extra field is_admin

I’m inclined towards the last option, so I don’t need any extra query and I can easily add more data to my user in the future.

By the way, the documentation is a a bit confusing as it says creating a custom User model is best practice but also says to think twice about it.

I’d like to hear your thoughts.

If you don’t want to modify the User object, you could also use the Django Group facility and create an Admin Group, and then apply group membership restrictions to your custom admin. (Yes, service would be is_staff.)