id,summary,reporter,owner,description,type,status,component,version,severity,resolution,keywords,cc,stage,has_patch,needs_docs,needs_tests,needs_better_patch,easy,ui_ux 23559,Staff (not superusers) should not manage perms of Users,Vlada Macek,,"In our project we want to let some colleagues to see and modify several tables including the Users table. Nevertheless I don't want the colleague to be able to elevate his or anybody else's privileges. May I submit little change of {{{UserAdmin}}} similar to the following for consideration? {{{#!python def get_readonly_fields(self, request, obj=None): rof = super(UserAdmin, self).get_readonly_fields(request, obj) if not request.user.is_superuser: rof += ('is_staff', 'is_superuser', 'groups', 'user_permissions') return rof }}} I rather doubt there is a use-case for current behaviour: Once the access to Users table is given, one can do anything. In case the behavior change will get rejected, how about to add it as a tip in the doc?",New feature,new,contrib.auth,,Normal,,,Chris Foresman cmawebsite@…,Accepted,0,0,0,0,0,0