Permissions for individual Groups/Racks?
715 views
Skip to first unread message
m...@spencerryan.com
Mar 20, 2017, 12:25:53 PM3/20/17
to NetBox
Hi All,
I'd like to have a group internally that has change/modify rights to any rack part of a specific group. Is this possible?
If not what is the best way to go about granting this type of permission? We are fine with everything being read only to everyone, and we want individual departments to have the ability to modify their racks.
Thanks!
I'd like to have a group internally that has change/modify rights to any rack part of a specific group. Is this possible?
If not what is the best way to go about granting this type of permission? We are fine with everything being read only to everyone, and we want individual departments to have the ability to modify their racks.
Thanks!
Jeremy Stretch
Mar 20, 2017, 9:08:36 PM3/20/17
to m...@spencerryan.com, NetBox
Unfortunately NetBox doesn't currently support object-level permissions. It's possible that we'll implement the concept at some point using a package like django-guardian, but it would likely be a very involved process. Some of the object models in NetBox are very closely interwoven and assigning object-based permissions isn't always as straightforward as you might assume.
For example, say you want to limit a set of users to a set of racks. Presumably, you'd want to allow them to create/update/delete devices within those racks, so when modifying a device we have to check for object-level permissions assigned to the rack within which a device has been installed (if any). But what about changing the IP address of a device; should that be restricted by rack as well? What if a user has model-level permission to modify all IP addresses, but doesn't have object-level permission to modify a device in a particular rack?--
You received this message because you are subscribed to the Google Groups "NetBox" group.
To unsubscribe from this group and stop receiving emails from it, send an email to netbox-discuss+unsubscribe@googlegroups.com.
To post to this group, send email to netbox-discuss@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/netbox-discuss/6a75ae15-ce7e-49e6-8f7b-cc6ad7401fd8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Message has been deleted
Evan Fisher
Mar 21, 2017, 7:11:46 PM3/21/17
to NetBox
What would you say are your top feature request priorities at this point other than API 2.0?
Thanks,
Evan
On Monday, March 20, 2017 at 9:08:36 PM UTC-4, Jeremy Stretch wrote:
JeremyI'm just speaking hypothetically; I guess my point is that there's a lot to consider and it just hasn't been on my radar yet. There's no shortage of feature requests competing for love.Unfortunately NetBox doesn't currently support object-level permissions. It's possible that we'll implement the concept at some point using a package like django-guardian, but it would likely be a very involved process. Some of the object models in NetBox are very closely interwoven and assigning object-based permissions isn't always as straightforward as you might assume.For example, say you want to limit a set of users to a set of racks. Presumably, you'd want to allow them to create/update/delete devices within those racks, so when modifying a device we have to check for object-level permissions assigned to the rack within which a device has been installed (if any). But what about changing the IP address of a device; should that be restricted by rack as well? What if a user has model-level permission to modify all IP addresses, but doesn't have object-level permission to modify a device in a particular rack?
On Mon, Mar 20, 2017 at 12:25 PM, <m...@spencerryan.com> wrote:
Hi All,
I'd like to have a group internally that has change/modify rights to any rack part of a specific group. Is this possible?
If not what is the best way to go about granting this type of permission? We are fine with everything being read only to everyone, and we want individual departments to have the ability to modify their racks.
Thanks!
--
You received this message because you are subscribed to the Google Groups "NetBox" group.
To unsubscribe from this group and stop receiving emails from it, send an email to netbox-discus...@googlegroups.com.
To post to this group, send email to netbox-...@googlegroups.com.
Jeremy Stretch
Mar 22, 2017, 9:17:08 AM3/22/17
to Evan Fisher, NetBox
We have a loose roadmap, but I haven't thought much beyond the API work yet. I would like to replace the terrible RPC stuff I wrote for NetBox with NAPALM soon, but I need to extend it to support pulling inventory data.
To unsubscribe from this group and stop receiving emails from it, send an email to netbox-discuss+unsubscribe@googlegroups.com.
To post to this group, send email to netbox-discuss@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/netbox-discuss/a80df31f-3b60-47b3-a2bb-ffa58a99c1df%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages