Hi,
I’ve configured my HA setup to require a password and access over SSL from the Internet etc. I’m fine with the potential risk of someone turning a device on or off etc, or triggering a script or automation should my password get compromised. However, I’m not so keen on allowing access to modify or create new actions, or disable the service entirely via the config: pages.
My options currently are to disable access to the configuration entirely if I don’t want this to happen. Frankly, I like the new web-based configuration stuff, and want to update & maintain my setup via that interface rather than hand editing the config files directly.
Could we have an option to selectively allow access to config: from a trusted IP range?
That way I can leave config: configured all the time, but can only modify or perform shutdown/restarts via it when I’m connected via my home network. My current alternatives are: Keep config: enabled all the time and live with the potential risk, or remove config: and live with not being able to use the cool web-based config stuff.
Alternatively, could we have multi-account support instead of a single password gating access, and have different privilege levels for different accounts.
e.g.
guest: Access to certain pages read-only &/or toggle certain controls etc.
normal: Full access to everything except home-assistant system & configuration stuff.
admin: Super user/administrator access etc.
That way I could have a far more secure password for admin (or even combine the two ideas and have admin have a stronger password plus only valid from local IP addresses) than the current weak password I need to use now given how frequently I need to re-enter it, or painful it is to enter on a mobile device, or how simple it needs to be so all the family members can remember it.
I guess the TL;DR: is, the trivial password protection is not sufficient IMHO. Better access controls are needed.
Thanks in advance.
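The policy requested above (role tiers, with configuration and system actions honoured only from a trusted IP range), sketched as an added example that is not part of the original post and is not Home Assistant code. The role-to-action mapping, the action class names, the network ranges and the function names are all assumptions made for illustration.

```python
import ipaddress

# Assumed trusted ranges (constructed sample values): home LAN and loopback.
TRUSTED_NETWORKS = [ipaddress.ip_network(n)
                    for n in ("192.168.1.0/24", "127.0.0.0/8", "::1/128")]

# Hypothetical role -> action classes, following the post's guest/normal/admin tiers.
ROLE_ACTIONS = {
    "guest": {"view"},
    "normal": {"view", "control"},
    "admin": {"view", "control", "config", "system"},
}

# Action classes that are refused unless the client is on a trusted network.
LOCAL_ONLY = {"config", "system"}


def is_trusted(remote_addr):
    """True if remote_addr parses as an IP inside one of TRUSTED_NETWORKS.

    remote_addr must be the socket peer address. A client-supplied header
    such as X-Forwarded-For is only usable when set by a proxy you control.
    """
    try:
        addr = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False  # unparseable input is treated as untrusted
    # Dual-stack listeners report IPv4 clients as ::ffff:a.b.c.d; unwrap them.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return any(addr.version == net.version and addr in net
               for net in TRUSTED_NETWORKS)


def authorize(role, action, remote_addr):
    """Deny by default: the role must grant the action, and local-only
    actions additionally require a trusted source address."""
    if action not in ROLE_ACTIONS.get(role, set()):
        return False
    if action in LOCAL_ONLY and not is_trusted(remote_addr):
        return False
    return True
```

With this shape a compromised admin password used from the Internet can still toggle devices but cannot reach configuration or shutdown/restart actions.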