
let's not put it aside. i find it perfectly reasonable that the DB user django uses to connect to its own database has all privileges to that database.

there are ways to limit these privileges depending on the requirements both on django and postgres level, for example to have some read only users, etc.

don't google "Django Postgres Tutorial", the only django tutorial you need is the official django tutorial.

the djangocentral article discusses django superusers, not postgres ones. a django superuser has no postgres superuser privileges, they are 2 different things.

> Django doesn't even mention superusers

of course it does not mention superusers because django does not recommend creating db superusers for security reasons and it mentions them only in connection with installing postgres extensions, and that is a limitation of postgres, not django.

in my professional opinion a run of the mill web application does not need row level security, setting up schema-wide privileges correctly is hard enough. but if one needs it, it's one google search away that some people have tried to do it with django as well, it's a postgres concept and as such can be implemented in any other framework connecting to it.
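An added illustration of the privilege split this comment describes, not written by the commenter and not taken from the Django documentation: an application role that owns its own database without being a PostgreSQL superuser, plus a read-only role. The role names, database name, passwords and the choice of `hstore` are placeholders assumed for the example, and the script is meant to be run in `psql` by a database administrator.

```sql
-- Added example; every name and password here is a placeholder.

-- Application role Django connects as: may log in, but is not a
-- PostgreSQL superuser and cannot create roles or other databases.
CREATE ROLE django_app LOGIN PASSWORD 'change-me'
    NOSUPERUSER NOCREATEDB NOCREATEROLE;

-- Read-only role, e.g. for reporting connections.
CREATE ROLE django_readonly LOGIN PASSWORD 'change-me-too'
    NOSUPERUSER NOCREATEDB NOCREATEROLE;

-- The application role owns its own database, so migrations can create
-- and alter tables there without any cluster-wide rights.
CREATE DATABASE appdb OWNER django_app;

-- Only explicitly granted roles may connect to this database.
REVOKE ALL ON DATABASE appdb FROM PUBLIC;
GRANT CONNECT ON DATABASE appdb TO django_readonly;

\connect appdb

-- Extensions are installed by the administrator running this script,
-- so the application role never needs elevated rights for them.
CREATE EXTENSION IF NOT EXISTS hstore;

-- Read-only access to existing tables ...
GRANT USAGE ON SCHEMA public TO django_readonly;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO django_readonly;

-- ... and to tables that django_app creates later through migrations.
ALTER DEFAULT PRIVILEGES FOR ROLE django_app IN SCHEMA public
    GRANT SELECT ON TABLES TO django_readonly;

-- Check: neither role should show superuser, createdb or createrole.
SELECT rolname, rolsuper, rolcreatedb, rolcreaterole
FROM pg_roles
WHERE rolname IN ('django_app', 'django_readonly');
```

Django superusers created with `createsuperuser` are rows in the application's own user table inside `appdb` and do not appear in `pg_roles` at all.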



