Here is how I envision RBAC for HA:
Ideally, there would be an interface that allows the administrator to add/remove entities (preferably with view+change or just view option) to a role. We already have something similar in the Voice assistant “expose to assistant” dialogs.
“Change” in this context also implies calling a compatible action, with that entity as a target, where the entity state will change, and “view” implies calling a compatible action that doesn’t change the state of the entity.
Then roles can be assigned to specific users.
Functionally, any entity not viewable by the user would be filtered out of the websocket/API for that user. Actions invoked on entities not in the user's role set of entities would error out with either a permission denied error or act as if the entities don't exist. This filtering automatically implies that logbook/history don't show unviewable entities, and dashboard-initiated actions don't change entity state for unchangeable entities.
Eventually the same mechanism can be extended to individual dashboards.
Open questions:
- Can globs / regexes be used to add entities for read/write to a role?
- How are groups handled? (Does an action implicitly apply to all entities of the group if the group entity is whitelisted for write?)
- How to keep codebase impact minimal?
- How to minimize risks that future code changes accidentally let unauthorized accesses slip into the codebase?
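One way to model the role/entity permissions, API filtering and action checks sketched in this post, as an added example in Python (not Home Assistant code; the entity ids, the role contents and the group membership table are constructed assumptions, and groups are expanded so that a whitelisted group cannot reach members the role does not cover):

```python
from __future__ import annotations
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

# Constructed sample: which group entities expand to which member entities.
GROUPS = {"group.downstairs": ["light.kitchen", "light.hall"]}


class PermissionDenied(Exception):
    """Raised when an action targets an entity outside the role's allowed set."""


@dataclass
class Role:
    view: set = field(default_factory=set)    # glob patterns: read-only access
    change: set = field(default_factory=set)  # glob patterns: read + state-changing actions

    @staticmethod
    def _matches(patterns, entity_id):
        return any(fnmatchcase(entity_id, p) for p in patterns)

    def can_view(self, entity_id):
        # "change" implies "view"; anything not listed is invisible.
        return self._matches(self.change, entity_id) or self._matches(self.view, entity_id)

    def can_change(self, entity_id):
        return self._matches(self.change, entity_id)


def expand_targets(entity_ids):
    """Replace group entities by their members so permissions are checked per member."""
    expanded = []
    for eid in entity_ids:
        expanded.extend(GROUPS.get(eid, [eid]))
    return expanded


def filter_states(role, states):
    """What the user sees over websocket/API: unviewable entities are dropped entirely."""
    return [s for s in states if role.can_view(s["entity_id"])]


def authorize_action(role, changes_state, target_ids):
    """Deny-by-default check for an action call against every (expanded) target."""
    for eid in expand_targets(target_ids):
        allowed = role.can_change(eid) if changes_state else role.can_view(eid)
        if not allowed:
            raise PermissionDenied(eid)
    return True
```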