Hi,
I would like to suggest implementing full per-user access control for the built-in dashboards such as Overview, Lights, Security, Climate, and Energy, including the ability to restrict access to History and related entity views.
Currently, it is possible to limit visibility of custom dashboards to specific users. However, the built-in dashboards do not appear to support the same level of restriction.
This creates both a security and privacy concern in multi-user environments.
For example:
- I have assigned entities to specific floors and areas
- I have created custom dashboards with limited entities for a non-admin user (tenant)
- I have used Kiosk Mode to hide navigation and prevent casual access
However, if the user manually enters a URL such as:
http://homeassistant.local:8123/home/overview
they can access the built-in dashboards and see significantly more entities than intended.
From there, they can also:
- Open History
- Browse and search for any entity
- View device activity
- Potentially see presence information and geolocation data
This means a tenant or restricted user could access sensitive information about the home and the owner that was never intended to be shared.
Kiosk Mode only hides the interface elements but does not enforce actual access control.
Suggested improvement
Please allow:
- Full visibility and access control for all built-in dashboards
- The ability to restrict each built-in dashboard to specific users or admins only
- The ability to restrict access to History, Logbook, and entity detail views
- Consistent and enforced access control between built-in dashboards and custom dashboards
This would significantly improve privacy and make Home Assistant more suitable for shared homes, tenants, and wall-mounted tablets where users should only see a limited and controlled subset of entities.
Thank you for considering this feature.
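
An added illustration, not part of the original post and not Home Assistant code: a minimal model of the server-side enforcement the request asks for, where the decision is made on the requested path and entity list rather than on what the UI hides. Only `/home/overview` comes from the post; the other routes, the policies and the entity ids are constructed assumptions.

```python
from dataclasses import dataclass
from posixpath import normpath
from urllib.parse import unquote, urlsplit

# Constructed route tables. Only /home/overview appears in the post; the
# remaining paths are hypothetical stand-ins for the views it lists.
BUILT_IN_VIEWS = {"/home/overview": "overview", "/home/energy": "energy",
                  "/history": "history", "/logbook": "logbook"}
CUSTOM_VIEWS = {"/dashboard-tenant/rooms": "tenant-rooms"}

@dataclass(frozen=True)
class Policy:
    is_admin: bool = False
    views: frozenset = frozenset()     # view names granted to this user
    entities: frozenset = frozenset()  # entity ids this user may read

# Constructed sample users.
ADMIN = Policy(is_admin=True)
TENANT = Policy(views=frozenset({"tenant-rooms"}),
                entities=frozenset({"light.guest_room", "climate.guest_room"}))

def canonical_path(url: str) -> str:
    """Decode and normalise the path so variants of one URL hit one rule.
    Assumption: the router serves the same normalised path."""
    path = unquote(urlsplit(url).path)
    return normpath("/" + path.lstrip("/"))

def may_open(policy: Policy, url: str) -> bool:
    """Authorise a view request on the server; unknown paths are denied."""
    if policy.is_admin:
        return True
    path = canonical_path(url)
    view = BUILT_IN_VIEWS.get(path) or CUSTOM_VIEWS.get(path)
    return view is not None and view in policy.views

def readable_entities(policy: Policy, requested: list) -> list:
    """Reduce a History or Logbook query to entities the user was granted."""
    if policy.is_admin:
        return list(requested)
    return [e for e in requested if e in policy.entities]

if __name__ == "__main__":
    base = "http://homeassistant.local:8123"
    for target in ("/home/overview", "/home//overview/", "/history",
                   "/dashboard-tenant/rooms"):
        print(target, "->", "allow" if may_open(TENANT, base + target) else "deny")
    print(readable_entities(TENANT, ["light.guest_room",
                                     "device_tracker.owner_phone"]))
```

With a check like this in the request path, typing the built-in dashboard URL by hand returns a denial for the tenant regardless of Kiosk Mode, and a History query only ever returns entities in the tenant's grant.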