Imagine these models: `User` has many `Bucket`s and each `Bucket` has many `Item`s. User A only sees his own list of buckets and the items in them. Now, I want to give user B permission to see user A's buckets but not the items. Is this possible with Django's built-in permission system, or do I need something like `django-guardian` for this purpose?
I am new to Django and I am a little confused.
Django has two different levels of permissions when it comes to models: model-level and object-level.
Model-level permissions are the default type in Django, and they are enforced by the default permissions backend. They work on an "all or nothing" basis, so a user can either have a permission (such as removing) for all objects of a model, or they don't.
If you are running into a situation where "User A needs to be able to remove any comment" or "User B needs to be able to edit any blog post", you are probably looking for model-level permissions.
Object-level permissions are supported in Django, but they require you to use a third-party permission backend. They work in a similar way to model-level permissions, but instead of being "all or nothing" on all model objects, it is only for a single object. There are many packages out there for object-level permissions, and the one you choose depends on what you need out of the permission backend.
If you are running into a situation where "User A needs to be able to remove only objects where they are the creator" or "User B needs to be able to remove a subset of objects", you are probably looking for object-level permissions.
You appear to be interested in object-level permissions.
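As an added illustration (not code from the question or the answer, and not django-guardian), here is a hand-written object-level check shaped like a Django authentication backend, covering the case asked about: user B may view user A's shared buckets but never the items inside them. The dataclasses are constructed stand-ins for the models, and the `app` label, the `BUCKET_SHARES` table and the `share_bucket` and `visible` helpers are hypothetical names.

```python
from dataclasses import dataclass

# Constructed stand-ins for the question's models, so the block runs without a database.
@dataclass(frozen=True)
class User:
    pk: int
    is_active: bool = True

@dataclass(frozen=True)
class Bucket:
    pk: int
    owner: User

@dataclass(frozen=True)
class Item:
    pk: int
    bucket: Bucket

# Hypothetical share table of (grantee pk, bucket pk); a model in a real project.
BUCKET_SHARES = set()

def share_bucket(bucket, grantee):
    """Record that grantee may view this one bucket."""
    BUCKET_SHARES.add((grantee.pk, bucket.pk))

class BucketShareBackend:
    """Authorization-only backend using Django's has_perm(user_obj, perm, obj=None) signature."""

    def authenticate(self, request, **credentials):
        return None  # logging in is left to the other configured backends

    def has_perm(self, user_obj, perm, obj=None):
        if obj is None or not user_obj.is_active:
            return False  # model-level checks stay with the default backend
        if perm == "app.view_bucket" and isinstance(obj, Bucket):
            return obj.owner == user_obj or (user_obj.pk, obj.pk) in BUCKET_SHARES
        if perm == "app.view_item" and isinstance(obj, Item):
            return obj.bucket.owner == user_obj  # a bucket share never extends to its items
        return False  # deny anything this backend does not recognise

def visible(user, perm, objects, backend=BucketShareBackend()):
    """Filter objects down to those the user may see under perm."""
    return [o for o in objects if backend.has_perm(user, perm, o)]
```

In a Django project a class like this is listed in `AUTHENTICATION_BACKENDS` next to the default backend, and views call `request.user.has_perm("app.view_bucket", bucket)` before returning the object.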