NetBox Toolkit Plugin - Permissions Setup Guide¶
This guide shows how to set up permissions for the NetBox Toolkit Plugin using NetBox's Object-Based Permission system through the web interface.
Overview¶
The NetBox Toolkit Plugin uses NetBox's built-in Object-Based Permission system to provide granular access control for:
- Command Management (create, edit, delete commands)
- Command Execution (run show commands vs config commands)
- Command Log Access (view execution history)
Make sure to understand how to create commands before proceeding with permissions.
Permission Options Overview¶
The plugin uses NetBox's ObjectPermission system with these 3 key permission options:
1. Standard Permissions¶
- View - View command lists and details
- Add - Create new commands
- Change - Edit existing commands
- Delete - Remove commands
2. Custom Actions¶
execute_show
- Execute show/monitoring commands (read-only operations)execute_config
- Execute configuration commands (write operations)
3. Contraints¶
- Constraints - Filter available commands further by json command attributes (optional)
For Step by step examples, see the Permission Examples page.
Constraints Support¶
NetBox permissions allow you to limit permissions further by using JSON constraints:
Advanced Constraint Examples¶
AND Logic (all conditions must be true):
OR Logic (any condition can be true) - uses array format:
# Filter by platform (cisco_ios OR cisco_nxos)
[
{"platform__slug": "cisco_ios"},
{"platform__slug": "cisco_nxos"}
]
Field Value Lists (match any value in list similar to OR logic):
# Filter by platform (cisco_ios OR cisco_nxos OR juniper_junos)
{"platform__slug__in": ["cisco_ios", "cisco_nxos", "juniper_junos"]}
Text Pattern Matching:
# 3 Examples of Filtering by name pattern
{"name__icontains": "version"} // Name contains "version" (case-insensitive)
{"name__startswith": "show"} // Name starts with "show"
{"description__contains": "safe"} // Description contains "safe" (case-sensitive)
Basic Contraints Example:¶
Users Can Only View and Execute "show version" Commands Permission 1: View Subset of Commands
Name: "Toolkit - View Show Version Commands Only"
Object Types: Command Toolkit | command
Actions: ✓ view
Additional Actions: (leave empty)
Constraints: {"name__icontains": "show version"}
Groups: Junior Network Engineers
Name: "Toolkit - Execute Show Version Commands Only"
Object Types: Command Toolkit | command
Actions: (leave unchecked)
Additional Actions: execute_show
Constraints: {"name__icontains": "show version"}
Groups: Junior Network Engineers
Constraint Further Info¶
Constraints use Django ORM field lookups based on the Command model fields and related models.
Here are some common lookups you can use:
Common Field Lookups:
field
- Exact matchfield__in
- Match any value in listfield__icontains
- Case-insensitive containsfield__startswith
- Starts with valuefield__gte
- Greater than or equalfield__lt
- Less thanfield__contains
- Case-sensitive contains
Related Field Lookups:
platform__slug
- Access platform's slug fieldplatform__name
- Access platform's name fieldtags__name
- Access tag name (many-to-many relationship)