How to avoid seeing sensitive user data in the Django admin page?


I have made a Django web app in which users can input some data. I have created a superuser, and as the admin of the app I can see the data input by users, which is fine for names and non-sensitive data, but I do not want to be able to see their sensitive data such as health data.

I have used the encrypt module from django_cryptography.fields as follows:

health_data = encrypt(models.IntegerField(default=140))

I figured out that if I look at the database from an external script or a simple DB browser, it works well, as I cannot see the sensitive data. But I understood that this is seamless in the Django admin: in the Django admin page it is decrypted before it is rendered.

So I am OK with the encrypted data, which is additional safety, but this was not my first goal. I want to have the superuser, but I do not want to be able to see their sensitive data. Do you have any ideas? I appreciate your time reading.

Best answer

As suggested here I changed my admin code from this:

from django.contrib import admin
from .models import MyModel

# Register your models here.
admin.site.register(MyModel)

to this:

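from django.contrib import admin
from .models import MyModel

@admin.register(MyModel)
class MyModelAdmin(admin.ModelAdmin):
    # Render only non-sensitive fields so the admin cannot see sensitive data in the admin page
    fields = ("non_sensitive_field1", "non_sensitive_field2")  # ... plus any other non-sensitive fields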

This way I customize the fields rendered in the admin page. I can no longer see the users' sensitive data in the admin page, which is the behavior I wanted.
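
A check that goes one step beyond the fields whitelist in the answer above, as an added example that is not part of the original post: it reports every admin option (change form, list_display, search_fields, list_filter) that still references a sensitive field. It runs without Django; the stand-in admin classes, MODEL_FIELDS and the helper names are constructed for illustration, and the form logic only approximates what ModelAdmin does.

```python
# Added example (not from the original post); runs without Django.
SENSITIVE = {"health_data"}  # assumption: the model's sensitive field names
MODEL_FIELDS = ["name", "email", "health_data"]  # constructed model fields

def _flatten(items):
    """Yield names from nested tuples (fields/fieldsets allow grouping)."""
    for item in items or ():
        if isinstance(item, (list, tuple)):
            yield from _flatten(item)
        else:
            yield item

def form_fields(admin_cls, model_fields):
    """Approximate which fields the admin change form renders."""
    fieldsets = getattr(admin_cls, "fieldsets", None)
    fields = getattr(admin_cls, "fields", None)
    if fieldsets:
        shown = _flatten(opts["fields"] for _, opts in fieldsets)
    elif fields:
        shown = _flatten(fields)
    else:
        shown = model_fields  # nothing declared: every field is rendered
    excluded = set(getattr(admin_cls, "exclude", None) or ())
    return [f for f in shown if f not in excluded]

def audit(admin_cls, model_fields, sensitive=SENSITIVE):
    """Return sorted (option, field) pairs that expose a sensitive field."""
    exposed = {("form", f) for f in form_fields(admin_cls, model_fields)}
    for opt in ("list_display", "search_fields", "list_filter"):
        for entry in getattr(admin_cls, opt, None) or ():
            if isinstance(entry, (list, tuple)):  # e.g. (field, FilterClass)
                entry = entry[0]
            if isinstance(entry, str):
                # drop search prefixes (^ = @) and related lookups (a__b)
                exposed.add((opt, entry.lstrip("^=@").split("__")[0]))
    return sorted(p for p in exposed if p[1] in sensitive)

class DefaultAdmin:  # like admin.site.register(MyModel): nothing declared
    pass
class WhitelistAdmin:  # the answer's approach: form limited to safe fields
    fields = ("name", "email")
class LeakyAdmin:  # form is limited, but the changelist still uses the field
    fields = ("name", "email")
    list_display = ("name", "health_data")
    search_fields = ("=health_data",)

if __name__ == "__main__":
    for cls in (DefaultAdmin, WhitelistAdmin, LeakyAdmin):
        print(cls.__name__, audit(cls, MODEL_FIELDS))
```

In a real project the same function can be run over the ModelAdmin instances that Django keeps in the private admin.site._registry mapping, for example from a unit test.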