Replies: 6 comments 1 reply
-
|
I don't know how you'd tell which specific priv is missing, but I would note that creating a Device also creates Interfaces and other records, I think you'd need access to those as well.
—
Mark Tinberg ***@***.***>
Division of Information Technology-Network Services
University of Wisconsin-Madison
…________________________________
From: Michael Schwartzkopff ***@***.***>
Sent: Sunday, July 2, 2023 10:33 AM
To: netbox-community/netbox ***@***.***>
Cc: Subscribed ***@***.***>
Subject: [netbox-community/netbox] Permissions: Operation failed due to object-level permissions violation". (Discussion #13068)
I have a user that is allowed to create / add devices. He also has the right to read sites, roles, types. But when creating a new device netbox tells me: "Operation failed due to object-level permissions violation". How can I check, what specific permission is missing?
—
Reply to this email directly, view it on GitHub<#13068>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AAS7UM72OUXOX2XHTD3KAF3XOGIGPANCNFSM6AAAAAAZ3QLSNI>.
You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>
|
Beta Was this translation helpful? Give feedback.
-
|
Thanks. Is there a something like a log that tells you what specific permission is missing? |
Beta Was this translation helpful? Give feedback.
-
|
I don't know offhand, but you can look at the LOGGING in configuration.py and the docs for how to update the logging config and the source to figure out the identifier to turn the auth logging to debug to see if there is a message with more detail. sudo journalctl -f -u netbox -u netbox-rqworker should tail and follow the logs emitted from the netbox service and job runner either through stderr or syslog.
—
Mark Tinberg ***@***.***>
Division of Information Technology-Network Services
University of Wisconsin-Madison
…________________________________
From: Michael Schwartzkopff ***@***.***>
Sent: Monday, July 3, 2023 9:53 AM
To: netbox-community/netbox ***@***.***>
Cc: Mark Tinberg ***@***.***>; Comment ***@***.***>
Subject: Re: [netbox-community/netbox] Permissions: Operation failed due to object-level permissions violation". (Discussion #13068)
Thanks. Is there a something like a log that tells you what specific permission is missing?
—
Reply to this email directly, view it on GitHub<#13068 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AAS7UM5ABYMAMWPDAFSSKUTXOLMILANCNFSM6AAAAAAZ3QLSNI>.
You are receiving this because you commented.Message ID: ***@***.***>
|
Beta Was this translation helpful? Give feedback.
-
|
I tried this already, but my selinux kicks in and does not allow logging. I did not have the time to disable selinux or to write the policies. I will check when I have some more time. |
Beta Was this translation helpful? Give feedback.
-
|
Just in case it helps. I tried it out with the permissions you mentioned, and I had no issues creating a device at all in v3.5.4. Permissions set: I even tried with no view permission for device and it still worked. |
Beta Was this translation helpful? Give feedback.
-
|
Ok.
I haven't had problems with SELinux when using syslog as the logging handler and didn't need to write any custom policy files for Netbox. On my EL7 system /opt/netbox/shared is directly writable for {application,requests}.log files as well, as etc_t owned by netbox:netbox 0640
Good luck
—
Mark Tinberg ***@***.***>
Division of Information Technology-Network Services
University of Wisconsin-Madison
…________________________________
From: Michael Schwartzkopff ***@***.***>
Sent: Monday, July 3, 2023 10:04 AM
To: netbox-community/netbox ***@***.***>
Cc: Mark Tinberg ***@***.***>; Comment ***@***.***>
Subject: Re: [netbox-community/netbox] Permissions: Operation failed due to object-level permissions violation". (Discussion #13068)
I tried this already, but my selinux kicks in and does not allow logging. I did not have the time to disable selinux or to write the policies. I will check when I have some more time.
—
Reply to this email directly, view it on GitHub<#13068 (reply in thread)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AAS7UM425ZJOMQZDSXC2RMTXOLNQFANCNFSM6AAAAAAZ3QLSNI>.
You are receiving this because you commented.Message ID: ***@***.***>
|
Beta Was this translation helpful? Give feedback.
-
|
I had the same problem as @misch42. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
I have a user that is allowed to create / add devices. He also has the right to read sites, roles, types. But when creating a new device netbox tells me: "Operation failed due to object-level permissions violation". How can I check, what specific permission is missing?
Beta Was this translation helpful? Give feedback.
All reactions