estel/netbox
1
0
Fork 0
Code Issues Pull Requests Actions 5 Packages Projects Releases Wiki Activity

Finish features documentation

Browse Source
This commit is contained in:
jeremystretch
2022-08-11 15:29:26 -04:00
parent a7b78565a1
commit f9fb2cc698
9 changed files with 92 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
docs/features/authentication-permissions.md Normal file
View File

@@ -0,0 +1,49 @@
# Authentication & Permissions
## Object-Based Permissions
NetBox boasts a very robust permissions system which extends well beyond the model-based permissions of the underlying Django framework. Assigning permissions in NetBox involves several dimensions:
* The type(s) of object to which the permission applies
* The users and/or groups being granted the permissions
* The action(s) permitted by the permission (e.g. view, add, change, etc.)
* Any constraints limiting application of the permission to a particular subset of objects
The implementation of constrains is what enables NetBox administrators to assign per-object permissions: Users can be limited to viewing or interacting with arbitrary subsets of objects based on the objects' attributes. For example, you might restrict a particular user to viewing only those prefixes or IP addresses within a particular VRF. Or you might restrict a group to modifying devices within a particular region.
Permission constraints are declared in JSON format when creating a permission, and operate very similarly to Django ORM queries. For instance, here's a constraint that matches reserved VLANs with a VLAN ID between 100 and 199:
```json
[
{
"vid__gte": 100,
"vid__lt": 200
},
{
"status": "reserved"
}
]
```
Check out the [permissions documentation](../administration/permissions.md) for more information about permission constraints.
## LDAP Authentication
NetBox includes a built-in authentication backend for authenticating users against a remote LDAP server. The [installation documentation](../installation/6-ldap.md) provides more detail on this capability.
## Single Sign-On (SSO)
NetBox integrates with the open source [python-social-auth](https://github.com/python-social-auth) library to provide [myriad options](https://python-social-auth.readthedocs.io/en/latest/backends/index.html#supported-backends) for single sign-on (SSO) authentication. These include:
* Cognito
* GitHub & GitHub Enterprise
* GitLab
* Google
* Hashicorp Vault
* Keycloak
* Microsoft Azure AD
* Microsoft Graph
* Okta
* OIDC
...and many others. It's also possible to build your own custom backends as needed using python-social-auth's base OAuth, OpenID, and SAML classes. You can find some examples of configuring SSO in NetBox' [authentication documentation](../administration/authentication/overview.md).