Sometimes during development usually this particular suggestion might be
unnecessary. This might be useful in the case of production. As in if DEBUG
=True then the creation of the superuser should need approval from the
existing admins.

Regards,

*S P R*


On Mon, Apr 29, 2019 at 9:05 AM JJ Zolper <jzth...@gmail.com> wrote:

> What if maybe after the command is run once it then is required to check a
> list of approved subsequent admins before allowing creation of an account?
> Some kind of list stored in the admin that is required to be populated
> following the first admin, or maybe 3 admins?
>
> On Sunday, April 28, 2019 at 11:24:57 PM UTC-4, JJ Zolper wrote:
>>
>> All,
>>
>> Curious what people think about more thought and control going into who
>> can run the createsuperuser method?
>>
>> For example say there's models that I don't want anyone to touch except
>> myself as a superuser. Is it not plausible that even if I make a Django
>> Group around that model that someone could still run createsuperuser and
>> give themselves the ability to have full control?
>>
>> Wouldn't it make sense if some random developer were to run
>> createsuperuser using django settings with any of the databases (as an
>> example) that it prevent them if say that email isn't on say an internal
>> list in the django admin of approved potential users?
>>
>> I see something like this being a good idea to prevent just anyone from
>> getting full control over the site without it being specifically provided.
>>
>> Maybe there's something I'm missing something but been reading about
>> third party options and more about what's there and I just feel there's a
>> hole when it comes to who can create a super user account. Obviously you
>> could have a script that you run to initialize who is a super user, what
>> the groups are etc, but then you're basically recording personal
>> information somewhere when that should only be typed in.
>>
>> Open to ideas and thoughts, mostly just curious what could be a good
>> answer.
>>
>> Best,
>>
>> JJ
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users+unsubscr...@googlegroups.com.
> To post to this group, send email to django-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/django-users.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/d6c2514a-e74f-4946-a1d8-7dbf57937096%40googlegroups.com
> <https://groups.google.com/d/msgid/django-users/d6c2514a-e74f-4946-a1d8-7dbf57937096%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CAA1gVCfTcqysrBsAHOV-POGmgEFbmH09E6F99gMO0j51oqyaog%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to