mirror of https://github.com/django/django.git synced 2025-10-24 06:06:09 +00:00

Refs #23559 -- warned about consequences of letting users edit User model in admin.

Remco Kranenburg
2015-03-13 08:48:39 -04:00
committed by Tim Graham
parent 56cd87a5af
commit f6b09a7f85

@@ -1414,6 +1414,11 @@ have the power to create superusers, which can then, in turn, change other
users. So Django requires add *and* change permissions as a slight security
measure.
Be thoughtful about how you allow users to manage permissions. If you give a
non-superuser the ability to edit users, this is ultimately the same as giving
them superuser status because they will be able to elevate permissions of
users including themselves!
Changing Passwords
------------------
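
Review bot: The new paragraph ahead of "Changing Passwords" states that letting a non-superuser edit users is the same as granting superuser status, but it reads as ordinary body text and stops at "Be thoughtful" without telling the reader what to do. Consider setting it as a warning admonition so it stands apart from the preceding paragraph about add *and* change permissions, and spell out the practical consequence, for example that the permission to change users should go only to accounts already trusted at superuser level. The closing exclamation mark could become a period to match the tone of the surrounding text.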