I know that a Lovelace card exists, but it is not secure enough for me.
I’d like to prevent my garage door from being accidentally opened by using a PIN or password protection.
Opening the garage lets you go into the whole house, not very safe.
As the alarm panel already implements PIN protection (at a low level, I can imagine), could this feature be implemented for any entity with a simple restriction or secure instruction in the YAML configuration?
Yes and no… The device is already protected by API auth. Some random unauthenticated person couldn’t just hit your HA instance and manipulate the device.
So, if a bad actor has compromised your very secure password, which contains letters, numbers, symbols, etc. (lots of entropy), why would a 4-digit numeric PIN be more secure?
You’re effectively wanting to protect against someone who has taken your phone, or is in your house already and has possession of your smart dashboard tablet, etc.
That’s actually a very good point. You’ve convinced me.
I do have a very strong password with 2FA enabled, and no unauthenticated device on the local Wi-Fi can access my HA instance. So yes, it can be considered secure enough already.
Actually, since the title didn’t specify what it’s protecting against… how about kids? I came across this post to see if anyone had needed to block some controls from their kids.
That is true except that I want to prevent certain HA users from accessing certain devices. I.e. my kids’ TVs have outlets behind them. While they never have, I could see a use case for preventing a subset of users from accessing said device. Since HA does not offer this level of granular security at the device level, I don’t feel that it’s enough. And yes, I could hide those entities on a dashboard or not expose them, but that is security through obscurity and I don’t like that.
Another good use case is that I have certain “helpers” that I use for configurations for how other entities/devices operate. I would prefer to lock those down so that no one accidentally changes them unless it’s me or my wife. Just because it’s a pain to do it otherwise.
Third option: Guests. I.e. I could see giving guests (i.e. babysitter or some short term stay over guests) access, but limiting that access. Again, only giving them a certain dashboard is ok, but even then, Dashboards are “admin” or “non admin” and so unless I take their phone and completely lock down and hide things, it’s a PITA to do these use cases.
I know there is a feature for RBAC and that is what we really need, even down to the device level (i.e. any group can use this device/entity, or only this group can).