netbox
Create better protection against the deletion of devices.
NetBox version
v3.6.6
Feature type
Data model extension
Proposed functionality
Create better protection against the deletion of devices.
Possible idea
One possible idea would be as with Windows domain controllers and their OUs. See example here: https://www.wintips.org/fix-object-is-protected-from-accidental-deletion-you-do-not-have-sufficient-privileges-to-delete-ou/
Improvement related to NetBox: A Device is created and a field "Protect Device from accidental deletion" is set to TRUE. If an operator deletes a Device, he receives the message that this Device is protected against deletion. The operator must set the protection to FALSE in the properties before he can delete the device.
Reason:
When I set up NetBox, the same thing happened to me as happened to a colleague today. Only I had deleted 2 devices and he had deleted 26 devices. He too had already sorted many devices into racks. But he too has only now fallen into the trap.
How did this happen / how can something like this happen?
A rack with devices already documented in NetBox is to be reorganized for planning.
- He has taken a screenshot of the rack and wanted to remove all Devices from the rack.
- He clicks on a device in the rack and clicks on Delete.
- He repeated this until all devices had been removed from the rack. Only when he added them did he realize that he had not deleted the devices from the rack, but the device itself.
Result: We had to restore a backup from the previous day. Fortunately, I only made one small change that I was able to document. Otherwise the change would have been lost one day. Or the colleague would have had to recreate and document many devices.
Use case
Devices are not accidentally deleted, which involves a lot of work. After all, this is the core of everything.
Database changes
No response
External dependencies
No response
IMO, there is a way to do this without requiring too much deep diving. Object-based permissions: simply change your delete permission to require a specific option first (for example, "device__status": "offline") or remove permissions from colleagues altogether.
While I can appreciate the use case, it's unlikely we'd be able to identify a built-in solution that works for everyone without inhibiting certain workflows. However, this is a great use case for custom object protection rules, which can be used to safeguard against the deletion of objects that don't meet the prescribed criteria.
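
A protection rule of the kind the last comment points to, applied to the rack clean-up from the report. This is an added example, not code from the thread or from the NetBox project: the `PROTECTION_RULES` dictionary follows the shape of NetBox's setting of that name and assumes a release that provides it, while `deletion_errors`, `delete_devices` and the sample devices are hypothetical stand-ins written here to show the effect.

```python
# Shape of NetBox's PROTECTION_RULES setting (configuration.py):
# model label -> list of rules an object must satisfy before it may be deleted.
# Here: a device can be deleted only while its status is "decommissioning".
PROTECTION_RULES = {
    "dcim.device": [
        {"status": {"eq": "decommissioning"}},
    ],
}

# Stand-in evaluator for this example only (assumption: dict-style rules with
# eq/neq checks); NetBox evaluates the configured rules itself.
CHECKS = {
    "eq": lambda value, expected: value == expected,
    "neq": lambda value, expected: value != expected,
}


def deletion_errors(model_label, obj, rules=PROTECTION_RULES):
    """Return the reasons a delete is refused; an empty list means it may proceed."""
    errors = []
    for rule in rules.get(model_label, []):
        for field, conditions in rule.items():
            for op, expected in conditions.items():
                if op not in CHECKS:
                    raise ValueError(f"check not covered by this sketch: {op}")
                actual = obj.get(field)
                if not CHECKS[op](actual, expected):
                    errors.append(f"{field} must be {op} {expected!r}, is {actual!r}")
    return errors


def delete_devices(devices):
    """Run a batch of delete requests through the rules, one device at a time."""
    deleted, refused = [], {}
    for dev in devices:
        errs = deletion_errors("dcim.device", dev)
        if errs:
            refused[dev["name"]] = errs
        else:
            deleted.append(dev["name"])
    return deleted, refused


# Constructed sample data: two racked devices in service, one marked for removal.
RACK = [
    {"name": "sw-01", "status": "active"},
    {"name": "sw-02", "status": "active"},
    {"name": "old-fw", "status": "decommissioning"},
]

if __name__ == "__main__":
    print(delete_devices(RACK))
```

With such a rule in place, deleting a device becomes a two-step action (change the status, then delete), which is the behaviour the proposed "protect from accidental deletion" flag asks for.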