Super-administrator should not have all permissions over the api
Superusers having all permissions on API is breaking the app.
From a technical point of view, I believe that it makes no sense to provide this to super-admins.
While I agree that the Django's administration allow edition of everything, when I'm administrator on an Hubl instance, I'm not allowed to edit an user's profile. It's still their datas.