2👍
✅
Your user probably has not permissions to add new users. It’s a normal behaviour to return 403 code in this case. View the doc, please: https://docs.djangoproject.com/en/dev/topics/auth/#django.contrib.auth.decorators.permission_required.
And (in this case) your user can have permission to delete users because it’s the decoupled permissions.
You can view permissions of the user it: http://yoursite.com/admin/auth/user/{user_id}/ ( from superuser or user that can view permissions of other users).
Update. The author of the question found the decision: the situation was because of Apache settings (switching mod_security off fixed the problem). Unfortunately I have not deep knowledge about the module and I can’t give more detailed information.
Source:stackexchange.com