Permissions constraints

[wannagofast83]

I am trying to figure out how to do permissions constraints to limit a group of users to have full access to specific sites and/or locations and all the things within that site.

I created a group called eng and am trying to apply the permissions to that group.
There is one location that I want them to have full access to and then, eventually, I will probably have other sites.
The site ID is 396 and lets call the site SiteA
The other site is 331 and I'll call that one SiteB but I only want them to be able to access one location called SiteB-Loc1(id=67)

Can someone help me and point me in the right direction?

[pv2b]

This blog post does a pretty good job explaining how to do something similar to what you want: https://www.packetcoders.io/mastering-nextbox-user-access-with-permission-constraints/

You will also find this documentation useful: https://netboxlabs.com/docs/netbox/en/stable/administration/permissions/

To summarize, there's no easy way to say "everything within a site". You'll have to create permissions for every object type, and then, depending on the object type, your constraints may be different.

For example, to allow access to the site objects themselves, you may put in a permission to site objects, with a constraint like:

{"id__in": [396,331]}

But this will of course only allow access to the site, i.e. entering its information about its address, which site group it's in, etc.

To allow access for objects within a site, e.g. devices or locations, you'd need something like:

{"site__id__in": [396,331]}

This can get complicated quickly. As far as I'm aware, there's no way to say "everything related to site X".

[candlerb]

I think that should be "site_id__in" not "site__id__in"