Modern websites often implement web-based authentication at the back-end. Such authentications are managed through the #key# administrative interface : admin #key# which is run by trusted administrators.

Django comes with a built-in admin interface that can be used for **user and group management**.

# Creating superusers

A **superuser** is the admin user. Through the superuser, we can manage the entire website or application. Running the following command from inside your virtual environment creates a superuser:

```console
python app.py createsuperuser
```

Following this command, you will be prompted to enter a username and password for the superuser. After confirming your password, the superuser will be created.

## Output

```console
Superuser created successfully!
```


### Managing users

**Users** represent the different types of people that interact with your site. 

These users might not have the same privileges as the admin, who has complete access to the website. 

Through the admin/superuser, we can achieve the following:

- Add or delete users
- Edit users' status
- Edit existing users
- Create user groups
- Add users to groups
- Add or remove user permissions
- Reset passwords

## Creating users

We can create users by using the `create_user()` helper function, as follows:

```python
from django.contrib.auth.models import User

user = User.objects.create_user('Tony', 'ironman@theavengers.com', 'iamironman')

# The user has been successfully created
# We can change its attributes

user.last_name = 'Stark'
user.save()
```
 
We can also add users interactively using the admin index page. Simply click the green + sign next to the Users entry, enter a username and password, and save.

## User permissions and status

We can also use the admin index page to edit user status. For a #key# normal :non-admin #key# user, check the boxes that indicate *Active* and *Staff*. Do not check the box *Superuser* if you wish to restrict access of the user.

When a user is created, they have no permissions. These permissions are granted by the superuser and are user-specific.

These permissions can be added using the helper functions:  
1. `user_permissions.set([permission_list])`
 
2. `user_permissions.add(permission, permission, ...)`

3. `user_permissions.remove(permission, permission, ...)`


We can also add user permissions using the admin index. Simply click on a user, look for the *User Permissions* option, and use the drop-down list to add/remove permissions.

### Managing groups

**Groups** are a means of categorizing users. This allows for granting permissions to a specific group. It also saves a lot of time, as compared to granting permissions to each individual user. 

A user may belong to any number of groups and automatically has all the permissions granted to that group.

## Creating groups

We create groups in a similar manner to users. Simply navigate to the *Add* button next to the *Groups*, enter the credentials, and save.

We can also add users to the Group using the admin index.

## Group permissions

Think of **group permissions** as a way of assigning user permissions in bulk. 

We assign permissions to a specific group, for example, by allowing *Editors* to edit the home screen and then adding users to the *Editors* group. This is a much more efficient and practical way of assigning user permissions.

## Creating users

We can create users by using the `create_user()` helper function, as follows:

```python
from django.contrib.auth.models import User

user = User.objects.create_user('Tony', 'ironman@theavengers.com', 'iamironman')

# The user has been successfully created
# We can change its attributes

user.last_name = 'Stark'
user.save()
```
 
We can also add users interactively using the admin index page. Simply click the green + sign next to the Users entry, enter a username and password, and save.

How to manage users and groups in Django Admin

Use Django's built-in admin interface to manage users and groups, create superusers, and assign permissions.