Custom Guest Access (Permissions System)

Hi. I don’t think I’ve seen this discussed or requested here…

I’d like to be able to set guest/visitor access in a custom way, e.g. if you have relatives staying or a contractor coming to do work at the house or something. So, you could give your relatives access to the lights and switches but not the cameras… and you could give the contractor access to only the garage door, or…

I would envisage you could set a group for each guest and set an optional password.
Using a group would be nice because of the new groups config in the front end.

YAML could be something like:

guest:
  family:
    groups: family, living_room
  plumber:
    name: Jims Plumbing
    password: jim123
    groups: jim

Then they would get access via a URL (maybe customisable too) like: http://myhaurl/family or http://myhaurl/jims_plumbing and would only see whatever was in the groups they had permission to access.
:slight_smile:

This would depend a great part on user support and permissions matrix. It’s been mentioned that it is part of the planning, but will require a lot of work to do it right and not damage anything as it would be pervasive throughout the code.

One way you could sort of do this now though is using HA Dashboard and just setting up widgets for those things you want them to have access to.

1 Like

This is a serious issue. A permission system is needed.

Doing it at UI level is not a secure option, the system needs to secure all interfaces. This is needed, for instance, if you need to provide API access to third parties or tools (services like IFTTT or API.AI), or when your plumber is a also a bit of a hacker.

Introducing the concept of “guest” doesn’t look a good idea to me. Most systems use concepts like ‘user’, ‘group’, ‘object’ or ‘acl’ for this.

Imho, this shall apply to all entities and services. Eventually, a particular user group may need read and/or write access to any script, service or sensor.

I agree! Great for reduced access for kids too!

1 Like

I would like to see a permission system, or possibility to customize UI per client