I am, little by little integrating controls into my kids rooms, main lights, ambient led lights, temperature, etc.
Now, I want to create users in HA for them and give them old phones I have where they can toggle things they want to (and use it for listening to music).
The problem I have now, is that as an admin, I can not find a way to restrict each user to their own Readonly dashboard. I do not want kid A to be able to turn on/off the lights of kid B.
This seems like a standard use case but I haven’t found a direct way to do it.
How do you manage such scenarios in a sustainable way?
User management and permissions management is pretty poor in HA.
Under manage dashboards you can tag a dashboards as “admin only.” Tag most of the dashboards and only leave one exposing what you want for the kids, using the conditional card to restrict what is seen for each user.
I just use the overview dashboard (since you can’t tag it overview as admin only nor hide it from the UI) with a few cards anyone can access, then conditional cards for each user.
Doing so may mean copying the existing Overview into a new dashboard for yourself.
EDIT: You can use set view visibility inside a dashboard as well.
I run the wallpanel add on with the HA side and top bars hidden. Then use tablets throughout the house running either the HA app or a full screen browser.
While it isn’t security, per se, it does prevent a user from escaping the dashboard configured to display on that device.
Assume there are 3 users (incl. admin).
Create a dashboard with 3 views & define visibility.
Then let each person use his(her) own account.
(disclaimer: this is in theory; never tried it myself)
Also probably non-admin users have some (limited probably) access to some advanced functionality like Settings, cannot say for sure.
Sorry, I was sick all these days and I could not respond before.
looks like the only way is to set the visibility and work everything inside, I still have to understand how to do the kiosk that @Jorggs meant while still letting them change apps on the Android phone.
It is weird that such as basic functionality is not inside Home Assistant. We do not live alone in our homes
Any updates on this? This is really a major problem, and renders HA useless for so many applications, where you could give selective access to people (children, elderly people, gardener, cleaning, elderly care etc.).
Obviously you dont want these people to see “Logbook”, “Energy”, “History”, “Media” or the auto-populated "Overview” if you have that.
Is anyone working on this at all? Unfortunately I’m no developer, so I can’t help.
Sure one can do that. But that only applies to the comanion app and means you have to have physical access to those devices for setup. You can achieve the same visual effect (for app and browser) with integrations.
But all these are still poor and insecure workarounds instead of HA offering proper RBAC.