Administration
The admin-only surface area of Fabrik — user management, group-based permissions and quotas, LDAP integration, and the audit trail that keeps everything accountable.
Administration is the slice of Fabrik only admins see. Everything else in the product — queries, automations, Time Machine, notifications — is about doing work. Administration is about who gets to do what, and keeping a record of what they did.
Who counts as an admin
Two things grant admin access:
- Superuser flag on the Django user (`is_superuser=True`). Typically one or two accounts: the "break glass" admins that bootstrap the deployment.
- Membership in the built-in `Admin` group. Everyone who should routinely manage users and settings goes here.
Both are checked by the `IsAdminOrSuperuser` permission class on every admin endpoint: if neither holds, the request is rejected before the view runs.
The Admin group is bootstrapped on first migration and cannot be deleted. The last remaining active admin account cannot be deactivated or deleted either — these guardrails exist because "I accidentally locked everyone out" would otherwise be a very expensive mistake.
Permission layers
Fabrik layers three permission systems on top of each other:
- Superuser / Admin group — full bypass. An admin can do anything; per-model permission checks don't apply.
- Django model permissions (`add_savedquery`, `change_apicconnection`, …) — regular users need the matching `view_`/`add_`/`change_`/`delete_` permission, granted directly or via a group.
- Group quotas — numeric limits (max saved queries, daily AWX requests, …) and feature toggles (can use AI builder, can export data, …) that apply on top of the model permissions.
This layering is intentional:
- Model permissions say which actions are possible at all.
- Quotas say how much of a permitted action a user can do.
- The Admin bypass keeps the administrative surface usable without having to grant every single Django permission to the Admin group.
Regular users see descriptive denials — "You do not have permission to edit saved queries. Contact your administrator to request access." — so they know what to ask for instead of hitting a generic 403.
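The three layers above and the last-admin guardrail from "Who counts as an admin", as an added stand-alone example; this is not Fabrik's code. Plain dataclasses stand in for the Django models, the quota field names (`max_saved_queries`, `can_export_data`) are illustrative, and the cross-group merge rule (most permissive wins) is an assumption, since this page does not state Fabrik's.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Optional

ADMIN_GROUP = "Admin"

# Human-readable labels used in denial messages (illustrative).
MODEL_LABELS = {"savedquery": "saved queries", "apicconnection": "APIC connections"}
ACTION_LABELS = {"view": "view", "add": "create", "change": "edit", "delete": "delete"}


@dataclass
class GroupQuota:
    # None means "no limit". Field names are illustrative, not Fabrik's real schema.
    max_saved_queries: Optional[int] = 0
    can_export_data: bool = False


@dataclass
class Group:
    name: str
    permissions: set[str] = field(default_factory=set)   # Django codenames
    quota: GroupQuota = field(default_factory=GroupQuota)


@dataclass
class User:
    username: str
    is_superuser: bool = False
    is_active: bool = True
    groups: list[Group] = field(default_factory=list)
    permissions: set[str] = field(default_factory=set)   # granted directly


def is_admin(user: User) -> bool:
    """Layer 1: an active account with the superuser flag or Admin-group membership."""
    return user.is_active and (
        user.is_superuser or any(g.name == ADMIN_GROUP for g in user.groups)
    )


def has_model_perm(user: User, codename: str) -> bool:
    """Layer 2: Django-style model permission, held directly or through any group."""
    return codename in user.permissions or any(codename in g.permissions for g in user.groups)


def effective_quota(user: User) -> GroupQuota:
    """Layer 3: merge quotas across groups. Assumed rule (the page does not state
    Fabrik's): most permissive wins, i.e. the highest limit (None = unlimited) and
    any group enabling a feature turns it on."""
    merged = GroupQuota()
    for g in user.groups:
        q = g.quota
        if merged.max_saved_queries is not None and (
            q.max_saved_queries is None or q.max_saved_queries > merged.max_saved_queries
        ):
            merged.max_saved_queries = q.max_saved_queries
        merged.can_export_data = merged.can_export_data or q.can_export_data
    return merged


def check_action(user: User, action: str, model: str, owned: int = 0) -> tuple[bool, str]:
    """Run the layers in order; return (allowed, denial_message). `owned` is how many
    objects of `model` the user already has and only matters for `add`."""
    if is_admin(user):
        return True, ""  # full bypass: neither model permissions nor quotas apply
    if not has_model_perm(user, f"{action}_{model}"):
        return False, (
            f"You do not have permission to {ACTION_LABELS.get(action, action)} "
            f"{MODEL_LABELS.get(model, model)}. Contact your administrator to request access."
        )
    if action == "add" and model == "savedquery":
        limit = effective_quota(user).max_saved_queries
        if limit is not None and owned >= limit:
            return False, (
                f"You have reached your limit of {limit} saved queries. "
                "Contact your administrator to request a higher quota."
            )
    return True, ""


def is_last_active_admin(user: User, all_users: list[User]) -> bool:
    """True when no other active admin would remain if `user` were removed."""
    return is_admin(user) and not any(is_admin(u) for u in all_users if u is not user)


def deactivate(user: User, all_users: list[User]) -> None:
    """Guardrail: refuse to deactivate the last remaining active admin."""
    if is_last_active_admin(user, all_users):
        raise PermissionError(f"{user.username} is the last active admin; cannot deactivate")
    user.is_active = False


def build_sample_users() -> dict[str, User]:
    """Constructed sample data (not from Fabrik) for exercising the checks above."""
    analysts = Group("Analysts", {"view_savedquery", "add_savedquery"}, GroupQuota(max_saved_queries=2))
    exporters = Group("Exporters", quota=GroupQuota(max_saved_queries=5, can_export_data=True))
    admins = Group(ADMIN_GROUP)  # no Django permissions needed; the bypass covers it
    return {
        "root": User("root", is_superuser=True),
        "alice": User("alice", groups=[admins]),
        "bob": User("bob", groups=[analysts, exporters]),
        "carol": User("carol", groups=[analysts]),
    }
```

With the sample data, `check_action(users["carol"], "change", "savedquery")` yields the descriptive denial quoted above, `check_action(users["carol"], "add", "savedquery", owned=2)` is refused by the quota even though the model permission is held, and `bob` gets the merged limit of 5 from his second group. Deactivating `root` succeeds while `alice` is still active; deactivating `alice` afterwards raises, which is the lockout guardrail.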
Where the admin surface lives
Admin pages are grouped under Settings → Administration in the main nav. Non-admins don't see the nav entry; the backend also rejects direct API calls, so there's no way to reach admin views without the permission.
The admin endpoints are rate-limited more aggressively than regular API calls via a dedicated `SensitiveActionThrottle` — the goal is to make "walk the API to find a bug" attacks unproductive, not to slow down legitimate admin work.
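A sliding-window throttle with a tighter "sensitive" scope for admin endpoints, as an added example of the idea; it is not Fabrik's `SensitiveActionThrottle` and does not use Django REST Framework. The rates (60 per minute regular, 10 per minute sensitive), the scope names and the caller used in `simulate` are illustrative assumptions.

```python
from __future__ import annotations

import time
from collections import defaultdict, deque
from typing import Callable, Optional

# Per-scope (max_requests, window_seconds). Illustrative values, not Fabrik's.
RATES = {
    "user": (60, 60),       # regular API calls
    "sensitive": (10, 60),  # admin endpoints: far fewer probes per minute
}


class SlidingWindowThrottle:
    """Allow at most `limit` requests per `window` seconds per key.

    A deque of timestamps per key gives an exact sliding window, so there is no
    burst allowance at fixed-window boundaries. `clock` is injectable so the
    behaviour can be exercised without sleeping.
    """

    def __init__(self, scope: str, clock: Callable[[], float] = time.monotonic):
        self.limit, self.window = RATES[scope]
        self.clock = clock
        self.history: dict[str, deque[float]] = defaultdict(deque)

    def allow(self, key: str) -> tuple[bool, float]:
        """Return (allowed, retry_after_seconds); retry_after is 0.0 when allowed."""
        now = self.clock()
        hits = self.history[key]
        while hits and now - hits[0] >= self.window:
            hits.popleft()  # drop timestamps that have aged out of the window
        if len(hits) >= self.limit:
            return False, self.window - (now - hits[0])
        hits.append(now)
        return True, 0.0


def throttle_key(user_id: Optional[int], remote_addr: str) -> str:
    """Key authenticated callers by user id and anonymous ones by source IP, so a
    caller cannot reset the budget by logging out."""
    return f"user:{user_id}" if user_id is not None else f"ip:{remote_addr}"


class FakeClock:
    """Deterministic clock for the demo and tests."""

    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


def simulate(scope: str, attempts: int, clock: Optional[FakeClock] = None) -> tuple[int, int]:
    """Fire `attempts` requests from one constructed caller half a second apart,
    all inside one window, and return (allowed, denied) counts."""
    clock = clock or FakeClock()
    throttle = SlidingWindowThrottle(scope, clock)
    key = throttle_key(42, "203.0.113.7")  # constructed sample caller
    allowed = denied = 0
    for _ in range(attempts):
        ok, _retry = throttle.allow(key)
        if ok:
            allowed += 1
        else:
            denied += 1
        clock.advance(0.5)
    return allowed, denied
```

Thirty probes against the sensitive scope yield 10 allowed and 20 denied, while the same thirty against the regular scope all pass; once a full window has elapsed the budget is available again. In a DRF deployment the same two-tier behaviour is normally expressed as a throttle class per scope with distinct rates, applied only to the admin views.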
The admin surfaces
Users
Create, edit, activate, deactivate users. Reset passwords, generate one-time reset codes, verify emails, disable MFA.
Groups and quotas
Groups, role templates, Django permissions, GroupQuota numeric limits and feature toggles, merge semantics across multiple groups.
LDAP
Deployment-level LDAP status, connection testing, directory browsing, and Django flag mappings.
Audit logs
Immutable audit trail. Categories, retention policies, CSV export, and separate login-attempt tracking.
What admins can't do from the UI
A few capabilities are deliberately out of the admin surface:
- Change encryption keys. The Fernet `ENCRYPTION_KEY` lives in environment config — rotating it requires re-encrypting every credential and is an ops task, not a UI action.
- Edit another user's saved queries or connections. Admins can delete users (which cascades), but there is no "edit as user" UI. Impersonation is an explicit non-feature; if you need a user's data changed, delete and recreate, or help them do it themselves.
- Bypass the audit log. Admin actions are audited alongside everyone else's. The `Admin` group is a bypass for permissions, not for accountability.
Read the rest in order
If you're setting up Fabrik for the first time, read Users → Groups and quotas → LDAP → Audit logs. The first two pages are the ones you'll use on day one; LDAP only matters if you have a directory; audit logs mostly matter once something has gone wrong and you need the receipts.