for exemple, I have following url: http://tenant.com:8000/accounts/test1/edit/
when my user right authenticated is test1, but if I change the url to http://tenant.com:8000/accounts/admin/edit/, the data of user admin is showing in profile form and if I change and save this form the admin's data is update. test1 is a simple user, no superuser nor staff, but have object permission for save, delete, change and view profile how do I protect the other user's data? sorry my english -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at http://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/8025d812-6b2f-4a60-8538-6ea060b0fa34%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.