Object Permissions
An object permission grants the ability to perform one or more actions (e.g. view, add, change, delete) against a defined set of object types, and may be restricted to a subset of objects matching a configured filter. Permissions are assigned to users and/or groups; a user's effective permissions are the union of those assigned directly and those inherited via group membership.
See the permissions documentation for a detailed walkthrough of how permissions are evaluated.
Fields
Name
A short, human-readable name for the permission.
Description
An optional longer description of what the permission grants.
Enabled
When unset, the permission is effectively disabled: it remains assigned to its users and groups, but is ignored during permission checks. This is useful for temporarily revoking access without altering assignments.
Object Types
The list of NetBox model types to which this permission applies (e.g. dcim.device, ipam.prefix).
Actions
The list of actions granted by the permission. The standard CRUD actions are view, add, change, and delete. Models may also register custom actions (e.g. napalm on dcim.device); custom actions appear here when supported by the selected object types.
Constraints
An optional Django ORM-style filter expressed as JSON. When set, the permission applies only to objects matching the filter. Multiple constraint sets may be supplied as a JSON list; an object matches if it satisfies any of the sets (logical OR).
For example, to grant a permission only over devices in a specific site:
{"site__slug": "ny-dc1"}
Or, to apply the permission to devices in either of two sites:
[
{"site__slug": "ny-dc1"},
{"site__slug": "sj-dc2"}
]