Use Django User Admin Site to manage roles and permissions interactively.
Permissions defined in
roles.py are given ‘human-friendly’ names.
All such permissions are assigned to the
auth | user Content Type.
Permission names are a Title Case version of the snake_case or camelCase permission codename, so…
auth | user | Create Medical Record
auth | user | Enter Surgery
RolePermissions User Admin¶
Assign / remove roles when editing Users in the Django User Admin Site.
django.contrib.auth.admin.UserAdminthat essentially adds the following logic:
remove_role(user, group)is called for each Group, removed via the Admin, that represents a role.
assign_role(user, group)is called for each Group, added via the Admin, that represents a role.
setting: ROLEPERMISSIONS_REGISTER_ADMIN = True
Mixin the functionality of
RolePermissionsUserAdminto your own custom
class MyCustomUserAdmin(RolePermissionsUserAdminMixin, django.contrib.auth.admin.UserAdmin): ...
remove_role removes every permission associated with a removed
regardless of how those permissions were originally assigned.
Permission objects exist
for each role defined in
This makes the roles and permissions defined in code immediately acccessible via the Django User Admin
sync_roles never deletes a
If you remove a role or permission from
roles.py, the corresponding
continues to exist until it is manually removed.
django-admin sync_roles --reset_user_permissions
Additionally, update every User’s permissions to ensure they include all those defined by their current roles.
--reset_user_permissions is primarily intended for development, not production!
Changing which permissions are associated with a role in
roles.py does NOT change any User’s actual permissions!
--reset_user_permissions simply clears each User’s roles and then re-assign them.
This guarantees that Users will have all permissions defined by their role(s) in
but in no way does this imply that any permissions previously granted to the User have been revoked!