Hi
I’m a bit confused. I like the idea of having two users - one, an Admin that can change Home Assistant’s configuration and important bits. And another that just provides access to the frontend for simple access and device control. I think implementing multiple users is the way to go. But I’ve quickly got confused…
So, I activated the auth component as per https://developers.home-assistant.io/blog/2018/07/02/trying-new-auth.html
I’m on the latest hassio and on my next login was presented with a user creation dialog. I created “Admin” as a user. When I get into Home Assistant I can go to Configuration and now have a Users (Manage Users) option. In addition to Admin, I also have the users “Hass.io” and “homeassistant” users. Can somebody explain why these exist please? I now have 2 new accounts of which I do not know the passwords to. As my install is exposed to the internet, I ma worried about how strong or weak the access passwords are for these accounts. Can I change the passwords without damaging anything broader in my setup?
One last add-on question - once I create a new “access” user that is not an owner. Will I be able to stop that user from accessing Configuration settings etc? Or are they already? Just not sure because I can see that a new non-owner user can still navigate to the backend links.
Hope that makes sense. Is there any further info on this feature?
Hass.io user is a system generated user used exclusive by hass.io system service, this user cannot be used to login.
homeassistant user is the user represented “legacy_api_password” auth provider, it can only be used in that auth provider. The password is your api_password. This is for legacy support usage only, and has the same security level compares with your current api_password. We will remove it eventually when all integration moved away from http.api_password.
By the way, those users will be auto re-created if you accidentally deleted them.
@awarecan I know this thread is older, but I have a quick follow up. I have 2 Hass.io system generated users in addition to the homeassistant api user.
Can you think of a reason I would have 2 Hass.io system generated users (that I can’t delete)?
It is very possible because we had changed some implementation detail in prior release, hass.io got 2 users as a side effect. Feel free to delete the old one, or both. hass.io will auto generate a new user for itself.
Thanks for the response. It like like both Hass.io users can’t be deleted from the UI. Is there a specific area in the filesystem I would need to go to remove one or both users?
Can anyone help with users? I am currently on the 0.79 but I am still using legacy api password and I do not know how to set up users owner and others. I have already read the information on the website but still not able. I put in the configuraion.yaml
homeassistant:
auth_providers:
type: homeassistant
but other than that no idea what to do. Any ideas?
Did that, made an account, which i guess is the owner but when i’m trying to create another account from users says unauthorized! Thanks for your help!