How to map permissions constraints to branches? #105
Hi all, I see the plugin has permissions for CRUD actions on branches themselves, but that is not necessarily in-scope of what I'm asking for. I'm looking for a way to restrict my technicians to only being able to update objects on non-Main branches. For example, techs can add/update/delete any Devices on ANY branch except 'Main'. It seems to me the way to do this is to use Permissions Constraints and give access on all relevant objects, with a constraint that identifies "only objects on non-Main" branches. I started playing around with the nbshell utility to try identifying the specific Django queryset(s) needed, but am coming up short. Can anyone provide guidance on how to restrict users in this capacity?
Hey @dakotah-hurda CRUD actions are global across main and branches. You may be able to solve this with Permission Constraints but that's not something we've spent time on. One approach we have seen is to allow users to write any changes to a branch, but limit who can merge branches, so the contents of the branch can be checked first. I believe these are the correct settings: Please note that this will mean that the users will not be able to change the description of the branch either.
Hey @dakotah-hurda you're right, my suggestion doesn't fully solve your problem.
The ability to protect main fully ("protected main") is possible in NetBox Change Management, when used alongside NetBox Branching. Change Management is going into preview this week (I don't have the exact day yet) so keep an eye out for that.
That's a very good question. I'll come back to you.