Create a new permission with object_type all or * is possible?

[joaofeteira]

Hi,

I am trying to create a new Permission to associate to a user/group via API . Is it possible to define a wildcard * or "all" to encompass all object types in the object_types field? If not where can I check the full list of object types? the objective is to create a read only user that has read access to every object.

Thanks

[pheus]

Hi,
I’m curious: why do you need to create the permission itself via the API?
Usually, the permission only needs to be created once, and then you can assign it to multiple groups or users (which you can certainly do via the API). A common approach is to create a dedicated “read-only” group with the appropriate permission and then simply assign users to that group.

As for your question:
I’m not aware of a way to use a wildcard (such as * or all) for object_types. However, you can retrieve the full list of available object types via the API (NetBox v4.4):

GET /api/core/object-types/

[joaofeteira]

Hi,

thanks a lot for the help, I am going to check the full list of object types.
To clarify I am using the netbox provider https://registry.terraform.io/providers/e-breuninger/netbox/latest/docs but since the permissions resource uses exactly the same parameters as passed through the API for the object_type I thought I would get more responses just mentioning the API.
Regarding to the why, I understand and agree with you, but I want to have every bit of the configuration as code.
Thanks!

[pheus]

You're welcome.
Thanks for the insights. This is quite reasonable. :)

[joaofeteira]

ok just for sake of completeness two simple ways to get all the object types:

1- https://netboxlabs.com/docs/netbox/development/models/#models-index
2- Python script (powered by Claude) that you can use to get the full list of object types in a format that can be copy pasted to the terraform provider resource (just create a new API Token and replace APITOKEN in the code)

# /// script
# requires-python = ">=3.13"
# dependencies = [
#     "requests",
# ]
# ///
import requests
import json

def extract_object_type_names(api_url, token):
    """
    Extract app_label.model combinations from NetBox object-types API endpoint

    Args:
        api_url (str): The NetBox API endpoint URL
        token (str): NetBox API token

    Returns:
        list: List of strings in format "app_label.model"
    """
    try:
        headers = {
            'Accept': 'application/json',
            'Authorization': f'Token {token}'
        }

        # Get all results by handling pagination
        all_results = []
        current_url = api_url

        while current_url:
            response = requests.get(current_url, headers=headers)
            response.raise_for_status()

            data = response.json()
            results = data.get('results', [])
            all_results.extend(results)

            # Get next page URL
            current_url = data.get('next')

        # Extract app_label.model combinations
        object_type_names = []
        for obj in all_results:
            app_label = obj.get('app_label')
            model = obj.get('model')

            if app_label and model:
                object_type_names.append(f"{app_label}.{model}")

        return object_type_names

    except requests.exceptions.RequestException as e:
        print(f"Error making request: {e}")
        return []
    except json.JSONDecodeError as e:
        print(f"Error parsing JSON: {e}")
        return []

def main():
    # Configuration
    api_url = "https://demo.netbox.dev/api/core/object-types/"
    token = "APITOKEN"

    print(f"Fetching data from: {api_url}")

    names = extract_object_type_names(api_url, token)

    if names:
        print(f"\nFound {len(names)} object types:")

        # Format as Python list
        formatted_output = 'object_types = [' + ', '.join(f'"{name}"' for name in sorted(names)) + ']'
        print(formatted_output)
    else:
        print("No object types found or error occurred.")

    return names

if __name__ == "__main__":
    object_type_names = main()

Example Output:

Fetching data from: https://demo.netbox.dev/api/core/object-types/

Found 149 object types:
object_types = ["account.usertoken", "auth.group", "auth.permission", "circuits.circuit", "circuits.circuitgroup", "circuits.circuitgroupassignment", "circuits.circuittermination", "circuits.circuittype", "circuits.provider", "circuits.provideraccount", "circuits.providernetwork", "circuits.virtualcircuit", "circuits.virtualcircuittermination", "circuits.virtualcircuittype", "contenttypes.contenttype", "core.autosyncrecord", "core.configrevision", "core.datafile", "core.datasource", "core.job", "core.managedfile", "core.objectchange", "core.objecttype", "dcim.cable", "dcim.cablepath", "dcim.cabletermination", "dcim.consoleport", "dcim.consoleporttemplate", "dcim.consoleserverport", "dcim.consoleserverporttemplate", "dcim.device", "dcim.devicebay", "dcim.devicebaytemplate", "dcim.devicerole", "dcim.devicetype", "dcim.frontport", "dcim.frontporttemplate", "dcim.interface", "dcim.interfacetemplate", "dcim.inventoryitem", "dcim.inventoryitemrole", "dcim.inventoryitemtemplate", "dcim.location", "dcim.macaddress", "dcim.manufacturer", "dcim.module", "dcim.modulebay", "dcim.modulebaytemplate", "dcim.moduletype", "dcim.moduletypeprofile", "dcim.platform", "dcim.powerfeed", "dcim.poweroutlet", "dcim.poweroutlettemplate", "dcim.powerpanel", "dcim.powerport", "dcim.powerporttemplate", "dcim.rack", "dcim.rackreservation", "dcim.rackrole", "dcim.racktype", "dcim.rearport", "dcim.rearporttemplate", "dcim.region", "dcim.site", "dcim.sitegroup", "dcim.virtualchassis", "dcim.virtualdevicecontext", "django_rq.queue", "extras.bookmark", "extras.cachedvalue", "extras.configcontext", "extras.configcontextprofile", "extras.configtemplate", "extras.customfield", "extras.customfieldchoiceset", "extras.customlink", "extras.dashboard", "extras.eventrule", "extras.exporttemplate", "extras.imageattachment", "extras.journalentry", "extras.notification", "extras.notificationgroup", "extras.savedfilter", "extras.script", "extras.scriptmodule", "extras.subscription", "extras.tableconfig", "extras.tag", "extras.taggeditem", "extras.webhook", "ipam.aggregate", "ipam.asn", "ipam.asnrange", "ipam.fhrpgroup", "ipam.fhrpgroupassignment", "ipam.ipaddress", "ipam.iprange", "ipam.prefix", "ipam.rir", "ipam.role", "ipam.routetarget", "ipam.service", "ipam.servicetemplate", "ipam.vlan", "ipam.vlangroup", "ipam.vlantranslationpolicy", "ipam.vlantranslationrule", "ipam.vrf", "sessions.session", "social_django.association", "social_django.code", "social_django.nonce", "social_django.partial", "social_django.usersocialauth", "taggit.tag", "taggit.taggeditem", "tenancy.contact", "tenancy.contactassignment", "tenancy.contactgroup", "tenancy.contactrole", "tenancy.tenant", "tenancy.tenantgroup", "thumbnail.kvstore", "users.group", "users.objectpermission", "users.token", "users.user", "users.userconfig", "virtualization.cluster", "virtualization.clustergroup", "virtualization.clustertype", "virtualization.virtualdisk", "virtualization.virtualmachine", "virtualization.vminterface", "vpn.ikepolicy", "vpn.ikeproposal", "vpn.ipsecpolicy", "vpn.ipsecprofile", "vpn.ipsecproposal", "vpn.l2vpn", "vpn.l2vpntermination", "vpn.tunnel", "vpn.tunnelgroup", "vpn.tunneltermination", "wireless.wirelesslan", "wireless.wirelesslangroup", "wireless.wirelesslink"]

[pheus]

Awesome! 🚀

Just keep in mind that if you extend your NetBox installation with plugins (or custom objects), the list of object types will grow accordingly. That’s why the second approach - using the API to query all available object types - is the most reliable way to go.