docs/models/users/objectpermission.md
An object permission grants the ability to perform one or more actions (e.g. view, add, change, delete) against a defined set of object types, and may be restricted to a subset of objects matching a configured filter. Permissions are assigned to users and/or groups; a user's effective permissions are the union of those assigned directly and those inherited via group membership.
See the permissions documentation for a detailed walkthrough of how permissions are evaluated.
A short, human-readable name for the permission.
An optional longer description of what the permission grants.
When unset, the permission is effectively disabled: it remains assigned to its users and groups, but is ignored during permission checks. This is useful for temporarily revoking access without altering assignments.
The list of NetBox model types to which this permission applies (e.g. dcim.device, ipam.prefix).
The list of actions granted by the permission. The standard CRUD actions are view, add, change, and delete. Models may also register custom actions (e.g. napalm on dcim.device); custom actions appear here when supported by the selected object types.
An optional Django ORM-style filter expressed as JSON. When set, the permission applies only to objects matching the filter. Multiple constraint sets may be supplied as a JSON list; an object matches if it satisfies any of the sets (logical OR).
For example, to grant a permission only over devices in a specific site:
{"site__slug": "ny-dc1"}
Or, to apply the permission to devices in either of two sites:
[
{"site__slug": "ny-dc1"},
{"site__slug": "sj-dc2"}
]