Hello everyone, I’m undecided regarding how I should approach user management, so I thought I’d check if anyone with more experience can recommend a best practice.
I’m making a SaaS and I determined there can be 3 types of users accessing it:
- Regular users, who will have different permissions so they are allowed to perform specific operations or not. These are people within the customer company.
- Admin users, who will be able to configure the software, which means managing regular users, creating custom fields, etc. These are also people within the customer company.
- Service user(s), who will have full access to the software, to provide support. In practice, this is me.
I don’t want Admin users to access Django’s Admin app. There will be UI within my app to perform their tasks. But it’d be nice to have it for Service users, for maintenance.
I could do this in many different ways:
- Use the standard User model, where Admin is a permission and Service is `is_staff`
- Use the standard User model, where Admin is `is_staff` (but AFAIK this would give access to the Admin app, which I don’t want) and Service is `is_superuser`
- Use the standard User model, where Service is `is_staff` and Admin is the `is_admin` field in a separate model with a one-to-one link
- Use a custom User model, where Service is `is_staff` and Admin is the extra field `is_admin`
I’m inclined towards the last option, so I don’t need any extra query and I can easily add more data to my user in the future.
By the way, the documentation is a bit confusing as it says creating a custom User model is best practice but also says to think twice about it.
I’d like to hear your thoughts.