User and Group Administration

UserProfile Model

Each user has a profile with:

  • organization
  • phone
  • is_internal_user flag

The is_internal_user flag grants access to internal analytics/reporting features.

Group Setup

Superusers can access:

  • /auth/admin/setup-groups/

Default groups created by setup flow:

  • Public Users
  • Internal Users
  • Administrators

Access Evaluation

  • Parcel visibility/editability also depends on owner/staff/public rules
  • Internal feature checks are applied in analytics/report views
  • Django is_staff and is_superuser remain authoritative for admin access

Dataset and Grant Lifecycle

Parcel Dataset and Dataset Role Grant are managed in Django admin.

Dataset management

  • Create datasets with unique slug and human-readable name.
  • Activate/deactivate datasets with admin actions (Activate selected datasets, Deactivate selected datasets).
  • Load only selected datasets is available when you intentionally need a single operational dataset.

Grant management

  • Use Group Role Grants inline for primary access assignment.
  • Use User Role Grants inline for exception handling.
  • One grant maps exactly one dataset + one principal (user or group) + one role.
  • Role hierarchy is: APPROVER > REVIEWER > EDITOR > VIEWER.

Audit expectations

  • New grant records capture created_by automatically from the admin actor.
  • Grant rows include created_at and updated_at timestamps.
  • Use the Dataset Role Grants admin list with filters (dataset, role, group, user) to review and audit current assignments.
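
The grant rules and audit expectations above can be checked mechanically over an export of the grant list. The following is an added example, not code from this project: the Grant row shape, the audit_grants helper, the dataset slugs and the usernames are assumptions made for illustration. It flags rows that do not map exactly one principal, rows with no created_by, and user-level exception grants that outrank every group grant the user holds on the same dataset.

```python
from dataclasses import dataclass
from typing import Optional

# Role hierarchy as stated on the page: APPROVER > REVIEWER > EDITOR > VIEWER.
RANK = {"VIEWER": 1, "EDITOR": 2, "REVIEWER": 3, "APPROVER": 4}

@dataclass(frozen=True)
class Grant:  # hypothetical export row, not the project's Django model
    dataset: str                      # dataset slug
    role: str
    group: Optional[str] = None
    user: Optional[str] = None
    created_by: Optional[str] = None

def audit_grants(grants, memberships):
    """Return (code, grant) findings; memberships maps username -> group names."""
    findings, group_rank = [], {}
    for g in grants:
        if g.role not in RANK:
            findings.append(("unknown_role", g))
            continue
        if (g.group is None) == (g.user is None):   # zero or two principals
            findings.append(("principal_not_exactly_one", g))
            continue
        if not g.created_by:
            findings.append(("missing_created_by", g))
        if g.group is not None:
            key = (g.dataset, g.group)
            group_rank[key] = max(group_rank.get(key, 0), RANK[g.role])
    for g in grants:
        if g.role not in RANK or g.user is None or g.group is not None:
            continue
        groups = memberships.get(g.user, ())
        via = max((group_rank.get((g.dataset, n), 0) for n in groups), default=0)
        if RANK[g.role] > via:                      # exception exceeds group access
            findings.append(("user_grant_outranks_groups", g))
    return findings

# Constructed sample data (slugs and usernames are made up for this example).
SAMPLE_GRANTS = [
    Grant("zoning-2024", "VIEWER", group="Public Users", created_by="admin1"),
    Grant("zoning-2024", "EDITOR", group="Internal Users", created_by="admin1"),
    Grant("zoning-2024", "EDITOR", user="alice", created_by="admin1"),
    Grant("zoning-2024", "APPROVER", user="bob", created_by="admin2"),
    Grant("zoning-2024", "REVIEWER", group="Internal Users", user="carol", created_by="admin1"),
    Grant("parcels-north", "VIEWER", group="Public Users"),
]
SAMPLE_MEMBERSHIPS = {"alice": {"Internal Users"}, "bob": {"Public Users"}}
```

Each finding is a row to review in the Dataset Role Grants admin list, not proof of misconfiguration; a user grant that outranks the group grants may be an intended exception.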