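##############
# USER FLAGS #
##############
# Refer to the Django User model documentation:
# https://docs.djangoproject.com/en/2.2/ref/contrib/auth/#user-model

# Baseline applied to members of Access-NetBox-Active: write scopes on a few
# models plus view on everything.
_is_active:
  groups:
    - Access-NetBox-Active
  perms:
    - extras.*_customfieldvalue
    # NOTE(review): the wildcard presumably expands to add/change/delete as
    # well as view. extras.objectchange is NetBox's change log, and view is
    # already covered by '*.view_*' below; confirm every active user needs
    # more than read access to audit records.
    - extras.*_objectchange
    - taggit.*
    # Every active user may manage API tokens (users.token).
    # NOTE(review): confirm the consuming views limit this to the user's own
    # tokens.
    - users.*_token
    # Quoted because a leading '*' would otherwise be read as a YAML alias.
    # Presumably matches the view permission of every model in every app, so
    # newly installed apps become readable without a change here.
    # NOTE(review): confirm no model should be withheld from general read.
    - '*.view_*'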
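# Deny flag, driven by membership of Access-NetBox-Deny.
# NOTE(review): a directory user can belong to both the Active and the Deny
# group; confirm the consumer evaluates this flag first so that deny always
# wins over _is_active.
_is_denied:
  groups:
    - Access-NetBox-Deny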
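# Both flags are driven by the same group, so every member of
# Access-NetBox-Admin becomes staff and superuser at once (presumably the
# Django is_staff / is_superuser fields). A Django superuser passes every
# permission check without explicit grants, so none of the perms lists in
# this file constrain these accounts.
# NOTE(review): consider a separate, smaller group for _is_super so that
# admin-site access does not imply unrestricted access.
_is_staff:
  groups:
    - Access-NetBox-Admin
_is_super:
  groups:
    - Access-NetBox-Admin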
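################
# ADMIN GROUPS #
################
# Grants full access to circuits and IPAM.
# The app-level wildcards cover every model in both apps; presumably every
# action too, including delete.
admin_network:
  groups:
    - Access-NetBox-Admin-Network
  perms:
    - circuits.*
    - ipam.*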
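# Grants full access to DCIM.
# This is a superset of the model-level grants in admin_dcim_model and of the
# dcim entries in the .system_tenant template, and it carries no tenant rule,
# so members are not limited to any tenant's devices.
admin_dcim:
  groups:
    - Access-NetBox-Admin-DCIM
  perms:
    - dcim.*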
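# Grants the ability to manage device models.
# Scoped to device types, manufacturers and the component templates attached
# to device types; it does not include devices themselves.
admin_dcim_model:
  groups:
    - Access-NetBox-Admin-DCIM-Model
  perms:
    - dcim.*_consoleporttemplate
    - dcim.*_consoleserverporttemplate
    - dcim.*_devicebaytemplate
    - dcim.*_devicetype
    - dcim.*_frontporttemplate
    - dcim.*_interfacetemplate
    - dcim.*_manufacturer
    - dcim.*_poweroutlettemplate
    - dcim.*_powerporttemplate
    - dcim.*_rearporttemplate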
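#############
# TEMPLATES #
#############
# Grants access to devices and virtual machines by tenant.
# This entry has no groups of its own; the roles below pull it in through
# `base` and supply their own `context.tenants`.
.system_tenant:
  perms:
    - dcim.*_consoleport
    - dcim.*_consoleserverport
    - dcim.*_device
    - dcim.*_devicebay
    - dcim.*_frontport
    - dcim.*_interface
    - dcim.*_inventoryitem
    - dcim.*_poweroutlet
    - dcim.*_powerport
    - dcim.*_rearport
    - dcim.*_virtualchassis
    - virtualization.*_virtualmachine
  context:
    # Attribute paths checked on the object; the different paths presumably
    # cover the different model types listed in perms.
    attributes:
      - device.tenant.name
      - master.tenant.name
      - tenant.name
      - virtual_machine.tenant.name
    # NOTE(review): confirm whether a role's own `tenants` list replaces this
    # default or is merged with it; if merged, every role also matches
    # objects whose tenant is named Unassigned.
    tenants:
      - Unassigned
  # NOTE(review): `match_or_none` presumably also passes objects on which
  # none of the attributes resolve to a tenant. If so, every role built on
  # this template can modify untenanted devices and VMs; confirm intended.
  # NOTE(review): `rule` is placed beside `context` here; confirm the nesting
  # against the consumer's schema.
  rule: >
    match_or_none(*attributes, tenants)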
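#########
# ROLES #
#########
# Each role binds one directory group to one tenant through the
# .system_tenant template.
# NOTE(review): the template compares tenant *names*, so access follows the
# string below. Renaming a tenant, or creating one with a matching name,
# would change who can modify its devices; keep tenant edit rights
# restricted and review these entries when tenants are renamed.
system_tenant_appdev:
  base:
    - .system_tenant
  context:
    tenants:
      - Application Development
  groups:
    - Access-AppDev-Team
system_tenant_automation:
  base:
    - .system_tenant
  context:
    tenants:
      - Automation Services
  groups:
    - Access-Automation-Team
system_tenant_database:
  base:
    - .system_tenant
  context:
    tenants:
      - Database Support
  groups:
    - Access-Database-Team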