should Django groups and permissions be hard-coded or bootstrapped?

I'm building an app that assumes the existence of certain groups and permissions for its workflow. For example, a "member" can log into the app and view and edit their personal data, but cannot see notes that would typically be displayed on the same screen. An "employee" can see those notes and create or edit their own, but only a "member manager" can delete or edit anyone's notes.

My issue is with bootstrapping the data for this app. I can create JSON fixture data for the groups, but then I have to hard-code the PKs, which seems like bad practice (what if a third party app I wanted to use did the same thing and there was a conflict?) A bigger issue is the permissions - I would have to add PKs to the permissions which in turn would have PKs to their content types.

I've read about using the post_syncdb hook to add initial data in a more programmatic fashion which I'm hoping will help me resolve the hard-coded PK issue. But I'm wondering whether this is the best solution to this problem, or if I'm "abusing" the Django Group and Permission concepts, here, and should be doing something else, like creating new models or just putting flags (like "is_member_manager") on my user profile model, etc.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/django-users/-/lzhz-lJSPlcJ.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.