Permissions and authorizations


Work in progress. To receive updates subscribe to this discussion or follow me on x or mastodon.

What is permissions and authorizations?

The options to implement them in django

When do you need to build a custom permissions and authorization system? Spoiler hardly ever.

  • You have Linux Torvalds-level technical skills in software development.

  • Your use case is truly unique, nobody has ever done it before.

  • You have abundant resources at your disposal, including time, money, and people.

  • It is not a serious project, but rather an opportunity to learn new things.

If at least two of these conditions are not true at the same time, please do not build a custom permissions and authorization system. Instead, use a proven and maintained solution. Building this stuff is hard, very hard, and even harder to maintain.

Everyone knows that debugging is twice as hard as writing a program in the first place. So if you’re as clever as you can be when you write it, how will you ever debug it?

—Brian Kernighan, 1974

In my experience, you can swap debug with maintain and it will still be true.

Before considering the options below, I’ll assume that you first tried the Django integrated permissions system and it was not enough for your use case.

Django packages

Role based

Content based

P.A.A.S solutions