Admin does take into account permissions from `django.auth`. However, they aren't very flexible: no per-object access control available by default, for example. Also, anyone not trusted probably shouldn't be able to access admin site anyway, if possible.
Permissions could be useful for quick customization, though—you can hide the apps admin staff certainly won't need to access, and simplify the UI that way.
Permissions could be useful for quick customization, though—you can hide the apps admin staff certainly won't need to access, and simplify the UI that way.