I want to hide / prevent form using some of entities/sensors from specific users. For example, second user shold be able to see outside temeprature from sensor, but he should not be allowed to switch on/of light in bedroom.
What is simplest way to do that?
Currently, there really is no way to do that. There are some “hacks” to set entities displayed in the UI to read-only (using simple-entity), but those can be overridden pretty easily.
There is an ongoing discussion/feature request though: WTH2 - WTH!? No RBAC - Role Based Access Control? (Users & Groups rights)
You can create dashboards that are only viewable by administrator users. Put your lights in that one.
Then create a dashboard viewable by anyone and put your temperature sensor in that.
This is only ok if they are not inquisitive or are too scared to click around. Because they can still view Settings → Devices & Services to control anything.
There is this project for sharing limited time controlled access to services, but not sensors unfortunately: Limited guest access addon
So, still any user is able to switch on/of all the lights in my house and I can’t prevent that? It looks like currently is not possible to prevent other users to entirely control my house.
That’s correct. If a user has access to the UI, they have access to pretty much anything (if they are inquisitive enough to go digging around). You can kind of get around this (a bit) as @tom_l mentioned. But the reality is that there is currently no real RBAC in HA.
Ok… so I don’t think I want to create another user. I think the only way is to setup second HA instance and run both.
Is there any plans to develop more multi user functionalities? Looking at release notes, latest version includes some nice UI improvements, but not anything related to multi user support.
There’s a very good chance something is put into place to allow this to happen, but I wouldn’t expect a full blown RBAC system.
This will most likely come as a single dashboard without edit/search abilities.
There is. Check out this, that was released yesterday
https://youtu.be/oa__fLArsFk?t=8490 (start at this time)
As I understand, that’s what is planned. Intetesting.
Required minimum is to be able to block access to certain sensors/entities for any particular user or group. Similar as today owner can disable admin functionality for any user. Very simple logic, new user with full access to all switches has no sense.
Then you’ll be waiting quite a long time. I’m fairly certain the path that will be taken will involve a single dashboard with locked down access to the rest of HA. I.e. the user will only be able to access a single page with the information you put it, and they wont have access to anything else. It won’t be done on a entity by entity basis.
Well, that may be enogh for now. Single dasboard or multiple dshboards linked to user. Everything defined by owner, and user can only operate on his dasboard - look at sensors or use switches if they are included.