You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
(This may be a duplicite, subset or superset of several other topics which I beg my pardon for.)
Proposed functionality
Allow to add/view/change/delete permissions at a component level of a selected compound object (i.e., now the virtualization.view_virtualmachine permission allows to view all components of all virtual machine instances and there is no way to further limit it AFAIK; the worse, IMHO, there are further flaws such that eg., if virtualization.change_virtualmachine is also permitted then the edit action misbehaves in sub-components data validation, eg., the IPv4 address etc.).
Use case
Allow a user or a group to add/view/change/delete selected components of a compound object instance only (i.e., Virtualization > Virtual Machine > { Name, Cluster, Some Custom Field }. The side effect would be that the user or the group will see only the allowed components in all applicable listings and also when editing the compound object only the objects with change/delete permissions will show selectors or allow their editing. Good use case would be to allow some group of users to allow only show Virtualization > Virtual Machine > { Name, Cluster, Some Custom Field } while allowing to change the Cluster only and nothing else.
If Netbox reached such level of permissions granularity RBAC could be considered as next logical step forward.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
(This may be a duplicite, subset or superset of several other topics which I beg my pardon for.)
Proposed functionality
Allow to add/view/change/delete permissions at a component level of a selected compound object (i.e., now the
virtualization.view_virtualmachine
permission allows to view all components of all virtual machine instances and there is no way to further limit it AFAIK; the worse, IMHO, there are further flaws such that eg., ifvirtualization.change_virtualmachine
is also permitted then the edit action misbehaves in sub-components data validation, eg., the IPv4 address etc.).Use case
Allow a user or a group to add/view/change/delete selected components of a compound object instance only (i.e.,
Virtualization > Virtual Machine > { Name, Cluster, Some Custom Field }
. The side effect would be that the user or the group will see only the allowed components in all applicable listings and also when editing the compound object only the objects with change/delete permissions will show selectors or allow their editing. Good use case would be to allow some group of users to allow only showVirtualization > Virtual Machine > { Name, Cluster, Some Custom Field }
while allowing to change theCluster
only and nothing else.If Netbox reached such level of permissions granularity RBAC could be considered as next logical step forward.
Beta Was this translation helpful? Give feedback.
All reactions