Currently (version 0.108.6) logbook and history are displayed to all users.
Although you can create a dashboard for a “guest” or “tablet” user (in order to control certain areas), the access to logbook and history give them also access to all devices!
This a feature request but a security issue also!
It would be nice to have permissions for these menus.
I also think options like history, logbook, should be hidden from users. Or at least admins should have the ability to enable or disable them for each user
I’m going to +1 this because I want the ability to hide these options from people who don’t need to see them. But I don’t really agree with the security issue portion. If your goal is operate HA in some kind of multi-tenant environment where data can be fully segregated and users can only see their own data then you need to make a separate feature request for that. And boy will that be a lot of work.
Just in case people are unaware, it really doesn’t matter whether these tabs show up or not from a security perspective. All these tabs do is make calls into the REST API. Anyone with a login can do that, they don’t need a UI. The API allows anyone with a login on your system to get any state, call any service, create any state, etc. etc.
So yea, hiding these tabs is irrelevant to security. That’s a form of security by obscurity at best (except not really because the APIs are pretty well documented).
It will be nice to have temporary login at some user with admin rights, when setup user account (turn off some buttons) and when remove admin rights for user.
History, Log, Map, energy, is only for admins.
And for CAT casting is would be nice a password free acces account only to a lovelace webpage on local netwerk.
Agree. It may not matter from a security perspective but I like to clean up the GUI as much as possible for my wife, my kids, the baby sitter, family or guests staying here. If it’s not relevant to users or if they don’t need it, they shouldn’t see it.