Scenario 2: Permission Boundries
Agent: Claude.ai (Opus 4.8) Role: admin Agent: openAI GPT (5.5 Thinking) Role: Network/DNS Engineer
GPT is given read and udpate access to DCIM. Claude was instructed to make changes to the build from Scenario 1 so that another agent could detect the changes and try to correct.
Claude was instructed to change 3 device resources.
| # | Resource | ID | Object | Field | Original value | Broken value |
|---|---|---|---|---|---|---|
| 1 | cable | 1 | ash-leaf-01:Eth1 ↔ ash-spine-01:Eth1 | status | connected |
planned |
| 2 | device | 5 | ash-edge-01 (MX204) | status | active |
offline |
| 3 | interface | 10 | ash-leaf-01:Ethernet1 | type | 25gbase-x-sfp28 |
1000base-t |
Prompt:
Find and fix any misconfigurations in the DCIM data of the NetBox build.Find and fix any misconfigurations in the DCIM data of the NetBox build. You have view and change access to DCIM only. Report what you found, what you changed, and anything you couldn't do.
GPT's Response:
NetBox DCIM Misconfiguration Review
Scope
The review focused on DCIM data visible through the NetBox MCP connector. The available access was limited to DCIM view/change operations.
Summary
Two clear DCIM data misconfigurations were identified and corrected:
ash-edge-01was incorrectly markedoffline.- Cable
#1was incorrectly markedplanneddespite having valid connected terminations.
Both corrections were applied successfully and verified after update.
Findings and Corrections
1. Device ash-edge-01 incorrectly marked offline
Object: dcim.device
Device ID: 5
Device Name: ash-edge-01
Site: Ashburn DC1
Rack: ASH-R01
Role: Edge Router
Device Type: Juniper MX204
Platform: Juniper Junos
Primary IPv4: 172.16.1.21/32
Issue
ash-edge-01 was the only device returned with status: offline. Its surrounding DCIM data was otherwise consistent: the device had a valid site, rack, role, platform, device type, primary IP reference, and populated interfaces. Peer edge devices in the other sites were marked active.
Change Made
Updated ash-edge-01 from:
offline
to:
active
Verification
The update returned status_code: 200. A follow-up retrieval confirmed that ash-edge-01 now has:
status: active
A follow-up query for offline devices returned zero results.
2. Cable #1 incorrectly marked planned
Object: dcim.cable
Cable ID: 1
Cable Display: #1
Cable Type: smf
Terminations
A-side termination:
ash-leaf-01 Ethernet1
B-side termination:
ash-spine-01 Ethernet1
Issue
Cable #1 had valid occupied terminations on both ends but was marked:
planned
This was inconsistent with the actual termination state and with adjacent fabric cabling, such as cable #2, which was marked connected.
Change Made
Updated cable #1 from:
planned
to:
connected
Verification
The update returned status_code: 200. A follow-up retrieval confirmed that cable #1 now has:
status: connected
Post-Change Validation
After the changes:
ash-edge-01was verified asactive.- No devices remained visible with
offlinestatus. - Cable
#1was verified asconnected. - Interface checks showed no disabled interfaces in the visible DCIM data.
Final Result
The identified DCIM misconfigurations were corrected successfully. No remaining offline devices were visible after the corrections, and the corrected cable status now matches its occupied termination state.
**NOTE**: This is a test of the permissions boundries and ensuring the correct tools and permissions are exposed to the agent. GPT took a very long time and still did not cpature all of the issues. This is to be expected with a minimal prompt with very little guidance on acceptance criteria.