Admin only access for Logbook and History menus

Currently (version 0.108.6) logbook and history are displayed to all users.

Although you can create a dashboard for a “guest” or “tablet” user (in order to control certain areas), the access to logbook and history give them also access to all devices!

This a feature request but a security issue also!
It would be nice to have permissions for these menus.

Hello,

I’m also interested by this question. Could we limit access to logbook and journal to non admin users ?

Regards,

1 Like

I also think options like history, logbook, should be hidden from users. Or at least admins should have the ability to enable or disable them for each user

3 Likes

I also think this feature would be important.

1 Like

Adding my plea for this functionality

1 Like

+1 Please!

1 Like

Yes, I’m interested too

1 Like

It will be nice to have user roles. Sometimes user need only readonly, and not allowed to turn on/turn off

1 Like

And another +1

1 Like

The only way i found was to remove “default_config” from configuration.yaml.
But it removes from admin users too :frowning:

I’m going to +1 this because I want the ability to hide these options from people who don’t need to see them. But I don’t really agree with the security issue portion. If your goal is operate HA in some kind of multi-tenant environment where data can be fully segregated and users can only see their own data then you need to make a separate feature request for that. And boy will that be a lot of work.

Just in case people are unaware, it really doesn’t matter whether these tabs show up or not from a security perspective. All these tabs do is make calls into the REST API. Anyone with a login can do that, they don’t need a UI. The API allows anyone with a login on your system to get any state, call any service, create any state, etc. etc.

So yea, hiding these tabs is irrelevant to security. That’s a form of security by obscurity at best (except not really because the APIs are pretty well documented).

I would love to get more (access) control over the menu :+1:

2 Likes

It may be a security through obscurity thing, but it’s movement towards a more secure configuration.

3 Likes

+1 from me as well.

+1
Would really looking forward too be able to hide these things!

Any update? Is way to set only admin access for logbook and history menu?

It will be nice to have temporary login at some user with admin rights, when setup user account (turn off some buttons) and when remove admin rights for user.

+1 here! I would like to see ability to show/hide menu items per user!

History, Log, Map, energy, is only for admins.
And for CAT casting is would be nice a password free acces account only to a lovelace webpage on local netwerk.

1 Like

Agree. It may not matter from a security perspective but I like to clean up the GUI as much as possible for my wife, my kids, the baby sitter, family or guests staying here.
If it’s not relevant to users or if they don’t need it, they shouldn’t see it.

3 Likes