mirror of https://github.com/django/django.git
Refs #23559 -- warned about consequences of letting users edit User model in admin.
This commit is contained in:
parent
56cd87a5af
commit
f6b09a7f85
|
@ -1414,6 +1414,11 @@ have the power to create superusers, which can then, in turn, change other
|
||||||
users. So Django requires add *and* change permissions as a slight security
|
users. So Django requires add *and* change permissions as a slight security
|
||||||
measure.
|
measure.
|
||||||
|
|
||||||
|
Be thoughtful about how you allow users to manage permissions. If you give a
|
||||||
|
non-superuser the ability to edit users, this is ultimately the same as giving
|
||||||
|
them superuser status because they will be able to elevate permissions of
|
||||||
|
users including themselves!
|
||||||
|
|
||||||
Changing Passwords
|
Changing Passwords
|
||||||
------------------
|
------------------
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue