Restricting which users can create DeviceTypes #17755
Replies: 1 comment 1 reply
-
|
Could you do it the other way round, i.e. add a tag "approved" after the device type has been checked, and users can only create devices from types which have that tag? This does give you the opposite problem, in that you have to trust users who create device types not to add the "approved" tag themselves, but I think that should be self-policing. Another option might be to have a custom field for approval, which the user doesn't have permissions to edit (read-only), but a custom script can be used to change it. |
Beta Was this translation helpful? Give feedback.
-
|
If I do that, then I'd be looking for a way to restrict them to only add/change DeviceTypes which do not have the A custom script might work, although I'm a bit reluctant to add more custom fields if there's another way. I'm also going to look into the new branching / change management feature. |
Beta Was this translation helpful? Give feedback.
-
If a DeviceType is created incorrectly (e.g. missing an Interface), then a bunch of Devices are created from it, this can cause a big mess. So I would like to implement a system whereby DeviceTypes can be created by anyone, but they must be reviewed by a Netbox "power user" before they can be used to create new Devices. So the permissions for a standard user would look like this:
needs-reviewtagneeds-reviewtagneeds-reviewDoes this sound like a good idea, or is there a better way to tackle this?
I created the first permission like this
I'm having trouble creating the second permission. I tried this constraint:
{"device_type__tags__name__n": "needs-review"}. But it gives an error:Invalid filter for <class 'dcim.models.devices.DeviceType'>: Unsupported lookup 'n' for CharField or join on the field not permitted, perhaps you meant in?.Edit: I found #4949 so maybe this is not possible...
Beta Was this translation helpful? Give feedback.
All reactions