The Reolink integration currently requires an admin login to my NVR. Since Home Assistant doesn’t really have a permissions model of its own, this means that anyone with access to my HA can reconfigure the cameras as they like. I would prefer to use the Reolink web interface for any configuration, and have Home Assistant simply as a “regular user” client.
I’d like Home Assistant to get alerts, show video, etc., without being able to change the camera config.
A non-admin account can not even turn on the spotlight of the camera, it can only read but not write to the camera. So all switch, button, select entities would not work anymore.
Basically you are left with the camera entity and the binary sensors then.
However the bigger issue is that the binary sensors and camera entities require the ONVIF/RTSP/RTMP ports to be open, now with admin privilages HomeAssistant takes care of this and opens the ports it needs to function. (default these ports are closed on a brand new reolink camera).
If I allow non-admin users, I would get lots of issue reports from people about stuff not working because the required ports are not enabled.
So I don’t really like to allow non-admin users.
Would there be a way to separate it? I don’t want, for example, random members of the household turning spotlight settings on and off.
@mattdm the easiest way would be to just simply disable the spotlight entity.
Memebers of the household that schould not be able to turn on the spotlight should use a seperate HomeAssistant account that is not administrator in HomeAssistant.
Those household memebers would then not be able to enable the spotlight entity again and can therefore not control it.
(Of course this would work for all reolink entities that you do not like to have exposed).
In theory it would be possible to allow non-admin users, but it will just create to much maintenance work from HA users that are not aware they schould use a admin account and will complain about missing entities/not functioning entities/problems setting up the integration due to blocked ports.