Django REST Framework - Permissions Matrix
A guide to DRF’s built-in permission classes.
| Permission Class | Unauthenticated Write | Unauthenticated Read | Authenticated |
|---|---|---|---|
AllowAny |
|||
IsAuthenticatedOrReadOnly |
Forbidden | ||
IsAuthenticated |
Forbidden | Forbidden | |
DjangoModelPermissionsOrAnonReadOnly |
Forbidden | Write requires Model Permissions | |
DjangoModelPermissions |
Forbidden | Forbidden | Write requires Model Permissions |
DjangoObjectPermissions |
Forbidden | Forbidden | Write requires Object Permissions |
IsAdminUser |
Forbidden | Forbidden | Admin only |
- Write access means
POST,PUT,PATCHandDELETE.