Per object permissions for Django
Python HTML Shell
Latest commit 061ace0 May 19, 2017 @michael-k michael-k committed with ad-m [example_project] Added app_name to article's urls
This fixes the following exception when using Django 2.0:

  django.core.exceptions.ImproperlyConfigured: Specifying a namespace
  in django.conf.urls.include() without providing an app_name is not
  supported. Set the app_name attribute in the included module, or
  pass a 2-tuple containing the list of patterns and app_name instead.



django-guardian is an implementation of per object permissions [1] on top of Django's authorization backend


Online documentation is available at


  • Python 2.7 or 3.4+
  • A supported version of Django (currently 1.8+)

Travis CI tests on Django version 1.8, 1.10, and 1.11.


To install django-guardian simply run:

pip install django-guardian


We need to hook django-guardian into our project.

  1. Put guardian into your INSTALLED_APPS at settings module:
  1. Add extra authorization backend to your
    'django.contrib.auth.backends.ModelBackend', # default
  1. Create guardian database tables by running:

    python migrate


After installation and project hooks we can finally use object permissions with Django.

Lets start really quickly:

>>> from django.contrib.auth.models import User, Group
>>> jack = User.objects.create_user('jack', '', 'topsecretagentjack')
>>> admins = Group.objects.create(name='admins')
>>> jack.has_perm('change_group', admins)
>>> from guardian.models import UserObjectPermission
>>> UserObjectPermission.objects.assign_perm('change_group', jack, obj=admins)
<UserObjectPermission: admins | jack | change_group>
>>> jack.has_perm('change_group', admins)

Of course our agent jack here would not be able to change_group globally:

>>> jack.has_perm('change_group')

Admin integration

Replace admin.ModelAdmin with GuardedModelAdmin for those models which should have object permissions support within admin panel.

For example:

from django.contrib import admin
from myapp.models import Author
from guardian.admin import GuardedModelAdmin

# Old way:
#class AuthorAdmin(admin.ModelAdmin):
#    pass

# With object permissions support
class AuthorAdmin(GuardedModelAdmin):
    pass, AuthorAdmin)
[1]Great paper about this feature is available at djangoadvent articles.