starred/netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2026-01-11 21:10:29 +01:00
Code Issues 273 Packages Projects Releases 10 Wiki Activity

Related Objects not showing for a user that has limited permissions #10869

New Issue
Closed
opened 2025-12-29 21:36:59 +01:00 by adam · 9 comments
adam commented 2025-12-29 21:36:59 +01:00
Owner
Copy Link

Originally created by @ZachHoiberg on GitHub (Mar 10, 2025).

Deployment Type

NetBox Cloud

NetBox Version

v4.2.5

Python Version

3.11

Steps to Reproduce

Create a user with limited permissions to certain objects (I.E. we have production users who only can view prefixes, VRFs, and IP addresses with a production tag on them. They have read-only access to all sites).

Using this user, navigate to the sites view for a particular site.

Related objects will display none instead of the prefixes they have access to.

Navigating to the IPAM prefix view will show all of the prefixes they have access to.

Expected Behavior

The user should be able to see the related objects they have permissions to view

Observed Behavior

The user cannot see related objects

Originally created by @ZachHoiberg on GitHub (Mar 10, 2025). ### Deployment Type NetBox Cloud ### NetBox Version v4.2.5 ### Python Version 3.11 ### Steps to Reproduce Create a user with limited permissions to certain objects (I.E. we have production users who only can view prefixes, VRFs, and IP addresses with a production tag on them. They have read-only access to all sites). Using this user, navigate to the sites view for a particular site. Related objects will display none instead of the prefixes they have access to. Navigating to the IPAM prefix view will show all of the prefixes they have access to. ### Expected Behavior The user should be able to see the related objects they have permissions to view ### Observed Behavior The user cannot see related objects
adam added the type: bug label 2025-12-29 21:36:59 +01:00
adam closed this issue 2025-12-29 21:36:59 +01:00
adam commented 2025-12-29 21:36:59 +01:00
Author
Owner
Copy Link

@ZachHoiberg commented on GitHub (Mar 10, 2025):

Additionally, we were previously on version 4.1.3 which did not seem to have this issue.

@ZachHoiberg commented on GitHub (Mar 10, 2025): Additionally, we were previously on version 4.1.3 which did not seem to have this issue.
adam commented 2025-12-29 21:36:59 +01:00
Author
Owner
Copy Link

@jnovinger commented on GitHub (Mar 10, 2025):

@ZachHoiberg , thank you for opening a bug report. Unfortunately, the information you have provided is not sufficient for someone else to attempt to reproduce the reported behavior. Each bug report must include detailed steps that someone else can follow on a clean, empty NetBox installation to reproduce the exact problem you're experiencing. These instructions should include the creation of any involved objects, any configuration changes, and complete accounting of the actions being taken. Also be sure that your report does not reference data on the public NetBox demo, as that is subject to change at any time by an outside party and cannot be relied upon for bug reports.

@jnovinger commented on GitHub (Mar 10, 2025): @ZachHoiberg , thank you for opening a bug report. Unfortunately, the information you have provided is not sufficient for someone else to attempt to reproduce the reported behavior. Each bug report must include detailed steps that someone else can follow on a clean, empty NetBox installation to reproduce the exact problem you're experiencing. These instructions should include the creation of any involved objects, any configuration changes, and complete accounting of the actions being taken. Also be sure that your report does not reference data on the public NetBox demo, as that is subject to change at any time by an outside party and cannot be relied upon for bug reports.
adam commented 2025-12-29 21:37:00 +01:00
Author
Owner
Copy Link

@ZachHoiberg commented on GitHub (Mar 11, 2025):

  1. Create a tag in Netbox
  2. Create an IPAM role in Netbox under /ipam/roles/ with any name and slug, default weight.
  3. Create a new site
  4. Create a VRF within Netbox, tag it with the new tag.
  5. Create a prefix in netbox, assign it with the new role and tag. Assign it to the site.
  6. Create an IP address within that prefix and assign it with the tag.
  7. Create a permission in Netbox to View only DCIM | Sites with no constraints
  8. Create a permission in Netbox to View only IPAM | prefix with the following constraint:
    { "role_id": "1"}
  9. Create a permission in Netbox to View/Add/Change only IPAM | IP Address with the following constrant:{
    {"tags": "1"}
  10. Create a permission in Netbox to View only Extras | tag with no constraints
  11. Create a permission in Netbox to View only IPAM | VRF with the following constraint:
    {"tags": "1"}
  12. Assign these permissions to a specific user for testing purposes
  13. Login as that user
  14. Navigate to the site. The related objects field should be empty.
@ZachHoiberg commented on GitHub (Mar 11, 2025): 1. Create a tag in Netbox 2. Create an IPAM role in Netbox under /ipam/roles/ with any name and slug, default weight. 3. Create a new site 4. Create a VRF within Netbox, tag it with the new tag. 5. Create a prefix in netbox, assign it with the new role and tag. Assign it to the site. 6. Create an IP address within that prefix and assign it with the tag. 7. Create a permission in Netbox to View only DCIM | Sites with no constraints 8. Create a permission in Netbox to View only IPAM | prefix with the following constraint: `{ "role_id": "1"}` 9. Create a permission in Netbox to View/Add/Change only IPAM | IP Address with the following constrant:{ `{"tags": "1"}` 10. Create a permission in Netbox to View only Extras | tag with no constraints 11. Create a permission in Netbox to View only IPAM | VRF with the following constraint: `{"tags": "1"}` 12. Assign these permissions to a specific user for testing purposes 13. Login as that user 14. Navigate to the site. The related objects field should be empty.
adam commented 2025-12-29 21:37:00 +01:00
Author
Owner
Copy Link

@jnovinger commented on GitHub (Mar 17, 2025):

@ZachHoiberg , can you be more specific about step #2? What sort of role, a "Prefix & VLAN Role", a "Device Role", something else? How is the role configured?

@jnovinger commented on GitHub (Mar 17, 2025): @ZachHoiberg , can you be more specific about step #2? What sort of role, a "Prefix & VLAN Role", a "Device Role", something else? How is the role configured?
adam commented 2025-12-29 21:37:01 +01:00
Author
Owner
Copy Link

@ZachHoiberg commented on GitHub (Mar 17, 2025):

@ZachHoiberg , can you be more specific about step #2? What sort of role, a "Prefix & VLAN Role", a "Device Role", something else? How is the role configured?

I have updated my above comment.

@ZachHoiberg commented on GitHub (Mar 17, 2025): > [@ZachHoiberg](https://github.com/ZachHoiberg) , can you be more specific about step [#2](https://github.com/netbox-community/netbox/pull/2)? What sort of role, a "Prefix & VLAN Role", a "Device Role", something else? How is the role configured? I have updated my above comment.
adam commented 2025-12-29 21:37:01 +01:00
Author
Owner
Copy Link

@github-actions[bot] commented on GitHub (Mar 25, 2025):

This is a reminder that additional information is needed in order to further triage this issue. If the requested details are not provided, the issue will soon be closed automatically.

@github-actions[bot] commented on GitHub (Mar 25, 2025): This is a reminder that additional information is needed in order to further triage this issue. If the requested details are not provided, the issue will soon be closed automatically.
adam commented 2025-12-29 21:37:01 +01:00
Author
Owner
Copy Link

@ZachHoiberg commented on GitHub (Mar 25, 2025):

@jnovinger

I have added the requested information for step 2.

Thank you.

@ZachHoiberg commented on GitHub (Mar 25, 2025): @jnovinger I have added the requested information for step 2. Thank you.
adam commented 2025-12-29 21:37:01 +01:00
Author
Owner
Copy Link

@arthanson commented on GitHub (Mar 26, 2025):

@ZachHoiberg the repro steps are fairly involved so I may be missing something, but it appears to work correctly for me, this is on NetBox v4.2.6. When I go to view the site detail I get the one prefix in Related Objects which is all that appears in the IPAM > Prefixes list (see screenshots). You mention in your first report "Related objects will display none instead of the prefixes they have access to." but in your second step 14 you state "The related objects field should be empty." I'm not seeing it empty and for the permissions that looks correct?

Image
Image

@arthanson commented on GitHub (Mar 26, 2025): @ZachHoiberg the repro steps are fairly involved so I may be missing something, but it appears to work correctly for me, this is on NetBox v4.2.6. When I go to view the site detail I get the one prefix in Related Objects which is all that appears in the IPAM > Prefixes list (see screenshots). You mention in your first report "Related objects will display none instead of the prefixes they have access to." but in your second step 14 you state "The related objects field should be empty." I'm not seeing it empty and for the permissions that looks correct? ![Image](https://github.com/user-attachments/assets/6c7661f3-7f2f-4cd6-9cd2-77ded59315b7) ![Image](https://github.com/user-attachments/assets/875b7dc1-358c-4d4e-ae6b-7ac968b9815c)
adam commented 2025-12-29 21:37:02 +01:00
Author
Owner
Copy Link

@ZachHoiberg commented on GitHub (Mar 26, 2025):

@arthanson

This appears to have been caused by some scripting that was removing the tag from some of our prefixes. I don't think there's an actual bug here, just some Layer 8 issue.

Thanks again.

@ZachHoiberg commented on GitHub (Mar 26, 2025): @arthanson This appears to have been caused by some scripting that was removing the tag from some of our prefixes. I don't think there's an actual bug here, just some Layer 8 issue. Thanks again.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
beta
breaking change
complexity: high
complexity: low
complexity: medium
needs milestone
netbox
pending closure
plugin candidate
pull-request
Mirrored from GitHub Pull Request
 severity: high
severity: low
severity: medium
status: accepted
status: backlog
status: blocked
status: duplicate
status: needs owner
status: needs triage
status: revisions needed
status: under review
topic: GraphQL
topic: Internationalization
topic: OpenAPI
topic: UI/UX
topic: cabling
topic: event rules
topic: htmx navigation
topic: industrialization
topic: migrations
topic: plugins
topic: scripts
topic: templating
topic: testing
type: bug
type: deprecation
type: documentation
type: feature
type: housekeeping
type: translation
No Label type: bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
adam
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/netbox#10869
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?