In my web application, a single user can have many accounts, but user has to login only once using his email and password. However, different accounts can have different permissions. Each account has its own session and the request.user will change depending on which account the user has logged in to. And there will be two types of login, the first type is when user logs into the website, and the other type is when user logs in into any of his account.
I used the django auth user model to store the user's email and password and use it only for first type login and it does not inherit the permissions mixin. And for accounts, I have an account model which does inherit permissions mixin. It is used for second type log in and relating each account to its set of permissions.
So is it a good practice to have permissions mixin used in some other model rather than the auth user model? If not, then why permissions is available as a mixin?