Configuring a (real) guest user: an alternative approach

Hi, I’d like to share the way I approached the configuration of a guest user in my HA and how I worked around some well-known limitations, especially those related to the lack of a global sidebar / default dashboard configuration.

My requirements:

1. Guest user allowed to login only from the internal network

2. Only specific views available to the guest user

3. No need for the guest user to switch to a different dashboard once logged in

4. No unnecessary items to show up in the sidebar for the guest user (including logbook, media, history, etc)

Basically a sort of kiosk mode without using frontend hacks (https://github.com/maykar/kiosk-mode is now deprecated, https://github.com/Villhellm/custom-sidebar is no more working in latest HA versions, https://github.com/galloween/custom-sidebar-v2 works only for admin users).

Requirement #1 is the simplest: just create a guest user with a simple password and toggle the Can only log in from the local network option.

Requirement #2 is also stright-forward: create a dashboard, add a View for the guest user, under Visibility allow the guest user only to access that view, disable the guest user to access any other view of the dashboard.

Requirement #3 is tricky. As we know there is no global default dashboard configuration, it is per-user / per-device.
This means the guest user, upon the first login, lands in the over-complicated Overview dashboard and should go in his profile to change the default dashboard. Not something I want them to do neither I want to do it on their behalf.
After reading tons of posts here, the simplest approach I found is to take control of the Overview dashboard (if I need the same content I can always create a brand new admin-only dashboard) and put all my views there (both for regular and guest users).
True, the name of the Overview dashboard cannot be change as well as the icon but at least in this way every user (guests or not), when logging in, will land to a dashboard populated with the contents I want.

Requirement #4 was also a challenge. As we know also the order in which the items show up in the sidebar and which one is hidden or not is per-user / per-device. The way I approched it was the following:

• I migrated all my dashbaords into views in order to have a single dashboard only (the Overview one). This is not mandatory of course, just an implementation choice, to avoid taking care of the order in which dashbaords are listed in the sidebar

• I disabled in my configuration Energy, Map and Media since not using them at all (Ref. How can I hide the Energy/Media/Map tabs from the sidebar? - #9 by petro) resulting in the entries to disappear from the sidebar. This required switching from default_config to a long list taken from Default Config - Home Assistant and commeting out those not needed

• For Logbook and History, which are something I need as an admin but don’t want the other users to access and see, I made them available for admin users only, opting for the approach described in Admin only access for Logbook and History menus - #44 by dan_mc. This required to copy the code of the two components from /usr/src/homeassistant/homeassistant/components or core/homeassistant/components at master · home-assistant/core · GitHub into config/custom_components, add version to the manifest file and making the views admin-only in async_register_built_in_panel() as described in the other post. Of course maintenance of this could be time-consuming since theoretically the code should be updated upon each upgrade

In this way not only guest user but also any user on any deice, has no need to touch the sidebar, hide unnecessary entries or set a default dashboard
Hope can be helpful

Thanks

I appreciate the work around and posting the instructions.

BUT…

I have no idea why the concept of an admin controlled user view system hasn’t been implemented yet.

It’s been a long request and there was even a custom integration (custom header that has been deprecated but luckily still works for me) to solve this problem.

I would think that the developers could have easily added its functionality to the core especially since the dev of the custom header is now (was?) working in the core dev team. The infrastructure is already still available.

I honestly don’t get why there is so much time spent on some niche things but this basic functionality is ignored.

I can’t express in words strongly enough how right you are.
We do need, STRONGLY, different user types NOW. Dammit.

Has anyone managed to set the History and Logbook to admin-only mode in supervisor?
I don’t have the src folder in usr and frontend.async_register_built_in_panel doesn’t seem to exist.

Thanks!

Hi Axel,

I haven’t found an official way to do this, but there is a way to hide it form the guest user.

1. Sign in as the guest user in a private browser tab
2. Click the profile icon (bottom left) to edit their settings
3. You will find a menu item “Change the order and hide items from the sidebar”, click the EDIT button

Yes, tech savvy users might find that and decide to reenable them, but it’s at least a way to have those items hidden on initial launch.

Hi,
Thank you for your reply!

After a few tests, I found that this only works for the device that is configured. Other devices won’t be affected by these changes.

Unfortunatly, that’s not what I’m looking for.

Is there anything else I can try?

Thank you for your help!
Axel

Give the guest account page the url default_view (that one is standard from the home page, so change them to into home or similar.

Sorry but I cannot follow you.

Every page has a url, (click on the pencil to edit the page)
Rename home homepage url to “something different”
Rename your “guest” page url to “default_view”

That will do it.

Sorry for the late response, don’t get a email when there is a reaction.