If you create objects (cables, devices, IPs, almost everything...) without specifying a tenant while you have no rights to create them without a tenant, they are still created as “zombies” and cannot be deleted. #11221

New Issue

Closed

opened 2025-12-29 21:42:08 +01:00 by adam · 4 comments

adam commented 2025-12-29 21:42:08 +01:00

Owner

Copy Link

Originally created by @jr3001 on GitHub (May 27, 2025).

Deployment Type

Self-hosted

NetBox Version

v4.2.7

Python Version

3.10

Steps to Reproduce

1. Create a user of type "Employee"
2. Create a Tenant and name it what you want, copy the tenant_id out of the url.
3. Give the user OR group only Tenant specific rights to e.g. create a Device
   1. to do this you go as admin to "Admin" -> "Permissions" create a new permission, allow actions "Can view", "Can add", "Can change" & "Can delete" and then assign permissions:
      • DCIM > Device
   2. you assign the permission to the user.
   3. at the end you paste the following under "Restrictions" of the Permission and replace the tenant_id with the tenant you created bevore.
      {"tenant__id": 22}
      it can look like that:
      
   4. to make the user able to see Device-types and roles and stuff you create a second permission non-tenant specific, to do this start the creation process allow action "Can view" only and select the following permissions after assigning the permission to the User:
      • DCIM > Devicerole
      • DCIM > Devicetype
      • DCIM > Location

it can look like that:

5. Try to create a Device using NO TENANT with the Test User.
   • you will get error: Operation failed due to object-level permissions violation

6. Login as Admin
7. Search for the Device name or similar, you will find the device.
8. Try to edit the Zombie, you will get an error but it will apply the change.```<class 'dcim.models.devices.Device.DoesNotExist'>evice matching query does not exist.

Python-Version: 3.11.2
NetBox-Version: 4.2.7
Plugins:
netbox_branching: 0.5.4
netbox_documents: 0.7.2
netbox_interface_synchronization: 4.1.6
netbox_inventory: 2.3.0
netbox_ipcalculator: 1.4.9
netbox_topology_views: 4.2.1

7. Try to delete the device, its impossible due to:

<class 'dcim.models.devices.Device.DoesNotExist'>

Device matching query does not exist.

Python-Version: 3.11.2
NetBox-Version: 4.2.7
Plugins:
netbox_branching: 0.5.4
netbox_documents: 0.7.2
netbox_interface_synchronization: 4.1.6
netbox_inventory: 2.3.0
netbox_ipcalculator: 1.4.9
netbox_topology_views: 4.2.1

### Expected Behavior

Device is not going to be created due to permissions.

### Observed Behavior

User got error `Operation failed due to object-level permissions violation` but a zombie/broken device got created.

Originally created by @jr3001 on GitHub (May 27, 2025). ### Deployment Type Self-hosted ### NetBox Version v4.2.7 ### Python Version 3.10 ### Steps to Reproduce 1. Create a user of type "Employee" 2. Create a Tenant and name it what you want, copy the tenant_id out of the url. 3. Give the user OR group only Tenant specific rights to e.g. create a Device 1. to do this you go as admin to "Admin" -> "Permissions" create a new permission, allow actions "Can view", "Can add", "Can change" & "Can delete" and then assign permissions: - DCIM > Device 2. you assign the permission to the user. 3. at the end you paste the following under "Restrictions" of the Permission and replace the tenant_id with the tenant you created bevore. `{"tenant__id": 22}` it can look like that:  4. to make the user able to see Device-types and roles and stuff you create a **second** permission non-tenant specific, to do this start the creation process allow action "Can view" only and select the following permissions after assigning the permission to the User: - DCIM > Devicerole - DCIM > Devicetype - DCIM > Location it can look like that:  5. Try to create a Device using NO TENANT with the Test User. - you will get error: Operation failed due to object-level permissions violation   6. Login as Admin 7. Search for the Device name or similar, you will find the device. 8. Try to edit the Zombie, you will get an error but it will apply the change.```<class 'dcim.models.devices.Device.DoesNotExist'>evice matching query does not exist. Python-Version: 3.11.2 NetBox-Version: 4.2.7 Plugins: netbox_branching: 0.5.4 netbox_documents: 0.7.2 netbox_interface_synchronization: 4.1.6 netbox_inventory: 2.3.0 netbox_ipcalculator: 1.4.9 netbox_topology_views: 4.2.1 ``` 7. Try to delete the device, its impossible due to: ``` <class 'dcim.models.devices.Device.DoesNotExist'> Device matching query does not exist. Python-Version: 3.11.2 NetBox-Version: 4.2.7 Plugins: netbox_branching: 0.5.4 netbox_documents: 0.7.2 netbox_interface_synchronization: 4.1.6 netbox_inventory: 2.3.0 netbox_ipcalculator: 1.4.9 netbox_topology_views: 4.2.1 ``` ### Expected Behavior Device is not going to be created due to permissions. ### Observed Behavior User got error `Operation failed due to object-level permissions violation` but a zombie/broken device got created.

adam added the type: bug label 2025-12-29 21:42:08 +01:00

adam closed this issue 2025-12-29 21:42:08 +01:00

adam commented 2025-12-29 21:42:08 +01:00

Author

Owner

Copy Link

@jr3001 commented on GitHub (May 27, 2025):

any way to delete the devices without having to edit postgresql and having no clue what do to exactly in it? Like can i say netbox, please ignore that error and delete everything as normal but with ignoring errors?

@jr3001 commented on GitHub (May 27, 2025): any way to delete the devices without having to edit postgresql and having no clue what do to exactly in it? Like can i say netbox, please ignore that error and delete everything as normal but with ignoring errors?

adam commented 2025-12-29 21:42:09 +01:00

Author

Owner

Copy Link

@arthanson commented on GitHub (May 27, 2025):

@jr3001 I'm not seeing this, but the reproduction steps are a bit unclear - can you please check and update your Steps to Reproduce, detailing exactly what permissions you have enabled (for example to create a device like this you would need perms on Device, Device Role, Device Type and Site) can you please explicitly detail what permission are required to reproduce - I'm not sure what you mean by "Tenant specific rights".

@arthanson commented on GitHub (May 27, 2025): @jr3001 I'm not seeing this, but the reproduction steps are a bit unclear - can you please check and update your Steps to Reproduce, detailing exactly what permissions you have enabled (for example to create a device like this you would need perms on Device, Device Role, Device Type and Site) can you please explicitly detail what permission are required to reproduce - I'm not sure what you mean by "Tenant specific rights".

adam commented 2025-12-29 21:42:09 +01:00

Author

Owner

Copy Link

@jr3001 commented on GitHub (May 28, 2025):

@jr3001 I'm not seeing this, but the reproduction steps are a bit unclear - can you please check and update your Steps to Reproduce, detailing exactly what permissions you have enabled (for example to create a device like this you would need perms on Device, Device Role, Device Type and Site) can you please explicitly detail what permission are required to reproduce - I'm not sure what you mean by "Tenant specific rights".

you are right, i just updated it. and i noticed that i may be only netbox-branching related. i think i need to move the issue, since i can only reproduce it using a branch, mehhh..........

@jr3001 commented on GitHub (May 28, 2025): > [@jr3001](https://github.com/jr3001) I'm not seeing this, but the reproduction steps are a bit unclear - can you please check and update your Steps to Reproduce, detailing exactly what permissions you have enabled (for example to create a device like this you would need perms on Device, Device Role, Device Type and Site) can you please explicitly detail what permission are required to reproduce - I'm not sure what you mean by "Tenant specific rights". you are right, i just updated it. and i noticed that i may be only netbox-branching related. i think i need to move the issue, since i can only reproduce it using a branch, mehhh..........

adam commented 2025-12-29 21:42:10 +01:00

Author

Owner

Copy Link

@arthanson commented on GitHub (May 28, 2025):

@jr3001 I'll close this issue for now, if you can get repro steps and it is only with branching then please open it in netbox branching. If the repro steps do not require netbox branching then please re-open it here with repro steps.

@arthanson commented on GitHub (May 28, 2025): @jr3001 I'll close this issue for now, if you can get repro steps and it is only with branching then please open it in netbox branching. If the repro steps do not require netbox branching then please re-open it here with repro steps.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

update-changelog-comments-docs

feature-removal-issue-type

20911-dropdown

20239-plugin-menu-classes-mutable-state

21097-graphql-id-lookups

feature

fix_module_substitution

20923-dcim-templates

20044-elevation-stuck-lightmode

feature-ip-prefix-link

v4.5-beta1-release

20068-import-moduletype-attrs

20766-fix-german-translation-code-literals

20378-del-script

7604-filter-modifiers-v3

circuit-swap

12318-case-insensitive-uniqueness

20637-improve-device-q-filter

20660-script-load

19724-graphql

20614-update-ruff

14884-script

02496-max-page

19720-macaddress-interface-generic-relation

19408-circuit-terminations-export-templates

20203-openapi-check

fix-19669-api-image-download

7604-filter-modifiers

19275-fixes-interface-bulk-edit

fix-17794-get_field_value_return_list

11507-show-aggregate-and-rir-on-api

9583-add_column_specific_search_field_to_tables

v4.5.0

v4.4.10

v4.4.9

v4.5.0-beta1

v4.4.8

v4.4.7

v4.4.6

v4.4.5

v4.4.4

v4.4.3

v4.4.2

v4.4.1

v4.4.0

v4.3.7

v4.4.0-beta1

v4.3.6

v4.3.5

v4.3.4

v4.3.3

v4.3.2

v4.3.1

v4.3.0

v4.2.9

v4.3.0-beta2

v4.2.8

v4.3.0-beta1

v4.2.7

v4.2.6

v4.2.5

v4.2.4

v4.2.3

v4.2.2

v4.2.1

v4.2.0

v4.1.11

v4.1.10

v4.1.9

v4.1.8

v4.2-beta1

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

v4.1.2

v4.1.1

v4.1.0

v4.0.11

v4.0.10

v4.0.9

v4.1-beta1

v4.0.8

v4.0.7

v4.0.6

v4.0.5

v4.0.3

v4.0.2

v4.0.1

v4.0.0

v3.7.8

v3.7.7

v4.0-beta2

v3.7.6

v3.7.5

v4.0-beta1

v3.7.4

v3.7.3

v3.7.2

v3.7.1

v3.7.0

v3.6.9

v3.6.8

v3.6.7

v3.7-beta1

v3.6.6

v3.6.5

v3.6.4

v3.6.3

v3.6.2

v3.6.1

v3.6.0

v3.5.9

v3.6-beta2

v3.5.8

v3.6-beta1

v3.5.7

v3.5.6

v3.5.5

v3.5.4

v3.5.3

v3.5.2

v3.5.1

v3.5.0

v3.4.10

v3.4.9

v3.5-beta2

v3.4.8

v3.5-beta1

v3.4.7

v3.4.6

v3.4.5

v3.4.4

v3.4.3

v3.4.2

v3.4.1

v3.4.0

v3.3.10

v3.3.9

v3.4-beta1

v3.3.8

v3.3.7

v3.3.6

v3.3.5

v3.3.4

v3.3.3

v3.3.2

v3.3.1

v3.3.0

v3.2.9

v3.2.8

v3.3-beta2

v3.2.7

v3.3-beta1

v3.2.6

v3.2.5

v3.2.4

v3.2.3

v3.2.2

v3.2.1

v3.2.0

v3.1.11

v3.1.10

v3.2-beta2

v3.1.9

v3.2-beta1

v3.1.8

v3.1.7

v3.1.6

v3.1.5

v3.1.4

v3.1.3

v3.1.2

v3.1.1

v3.1.0

v3.0.12

v3.0.11

v3.0.10

v3.1-beta1

v3.0.9

v3.0.8

v3.0.7

v3.0.6

v3.0.5

v3.0.4

v3.0.3

v3.0.2

v3.0.1

v3.0.0

v2.11.12

v3.0-beta2

v2.11.11

v2.11.10

v3.0-beta1

v2.11.9

v2.11.8

v2.11.7

v2.11.6

v2.11.5

v2.11.4

v2.11.3

v2.11.2

v2.11.1

v2.11.0

v2.10.10

v2.10.9

v2.11-beta1

v2.10.8

v2.10.7

v2.10.6

v2.10.5

v2.10.4

v2.10.3

v2.10.2

v2.10.1

v2.10.0

v2.9.11

v2.10-beta2

v2.9.10

v2.10-beta1

v2.9.9

v2.9.8

v2.9.7

v2.9.6

v2.9.5

v2.9.4

v2.9.3

v2.9.2

v2.9.1

v2.9.0

v2.9-beta2

v2.8.9

v2.9-beta1

v2.8.8

v2.8.7

v2.8.6

v2.8.5

v2.8.4

v2.8.3

v2.8.2

v2.8.1

v2.8.0

v2.7.12

v2.7.11

v2.7.10

v2.7.9

v2.7.8

v2.7.7

v2.7.6

v2.7.5

v2.7.4

v2.7.3

v2.7.2

v2.7.1

v2.7.0

v2.6.12

v2.6.11

v2.6.10

v2.6.9

v2.7-beta1

Solcon-2020-01-06

v2.6.8

v2.6.7

v2.6.6

v2.6.5

v2.6.4

v2.6.3

v2.6.2

v2.6.1

v2.6.0

v2.5.13

v2.5.12

v2.6-beta1

v2.5.11

v2.5.10

v2.5.9

v2.5.8

v2.5.7

v2.5.6

v2.5.5

v2.5.4

v2.5.3

v2.5.2

v2.5.1

v2.5.0

v2.4.9

v2.5-beta2

v2.4.8

v2.5-beta1

v2.4.7

v2.4.6

v2.4.5

v2.4.4

v2.4.3

v2.4.2

v2.4.1

v2.4.0

v2.3.7

v2.4-beta1

v2.3.6

v2.3.5

v2.3.4

v2.3.3

v2.3.2

v2.3.1

v2.3.0

v2.2.10

v2.3-beta2

v2.2.9

v2.3-beta1

v2.2.8

v2.2.7

v2.2.6

v2.2.5

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.6

v2.2-beta2

v2.1.5

v2.2-beta1

v2.1.4

v2.1.3

v2.1.2

v2.1.1

v2.1.0

v2.0.10

v2.1-beta1

v2.0.9

v2.0.8

v2.0.7

v2.0.6

v2.0.5

v2.0.4

v2.0.3

v2.0.2

v2.0.1

v2.0.0

v2.0-beta3

v1.9.6

v1.9.5

v2.0-beta2

v1.9.4-r1

v1.9.3

v2.0-beta1

v1.9.2

v1.9.1

v1.9.0-r1

v1.8.4

v1.8.3

v1.8.2

v1.8.1

v1.8.0

v1.7.3

v1.7.2-r1

v1.7.1

v1.7.0

v1.6.3

v1.6.2-r1

v1.6.1-r1

1.6.1

v1.6.0

v1.5.2

v1.5.1

v1.5.0

v1.4.2

v1.4.1

v1.4.0

v1.3.2

v1.3.1

v1.3.0

v1.2.2

v1.2.1

v1.2.0

v1.1.0

v1.0.7-r1

v1.0.7

v1.0.6

v1.0.5

v1.0.4

v1.0.3-r1

v1.0.3

1.0.0

Labels

Clear labels

beta

breaking change

complexity: high

complexity: low

complexity: medium

needs milestone

netbox

pending closure

plugin candidate

pull-request

Mirrored from GitHub Pull Request

severity: high

severity: low

severity: medium

status: accepted

status: backlog

status: blocked

status: duplicate

status: needs owner

status: needs triage

status: revisions needed

status: under review

topic: GraphQL

topic: Internationalization

topic: OpenAPI

topic: UI/UX

topic: cabling

topic: event rules

topic: htmx navigation

topic: industrialization

topic: migrations

topic: plugins

topic: scripts

topic: templating

topic: testing

type: bug

type: deprecation

type: documentation

type: feature

type: housekeeping

type: translation

No Label type: bug

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

adam

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/netbox#11221