Security: possibility to remove search from normal users dashboards

Currently search in dashboards cause security issue because normal users can search any entities and control everything from search.

That is possible even if the little search icon wasn’t there. All the malicious user would need to do is open Web dev tools and type some JS in the console.

So it would not be a security measure at all.

Ok, let’s not say that as a security feature then, just child guard… Reason why I see this high priority fix is that all of my friends and me are using external tablets as home screen and there is user logged on all the time. So that all persons at home can manage lights etc. but they should not be able to manage example air ventilation or security devices or tracking stuff…

Use Kiosk mode from HACS in user interface, then edit the dashboard you want to use on a tablet and in yaml mode add this:

kiosk_mode:
  non_admin_settings:
    hide_search: true
    hide_assistant: true
    hide_edit_dashboard: true
1 Like

Thanks. That was great solution for now.

If this is your concern — VALID concern — then you should use a separate control system without full access to HA. Look into remotes, programmable BT keyboards, or even Sonoff-type intelligent control surfaces that can be programmed with ESPHome to present limited user interfaces in-wall.

Whatever you put indoors to control stuff indoors is available for everyone to use indoors. Those are the breaks.

Wait until users find they can push a key in the virtual keyboard and the search opens up anyway. Inquisitive users will find this.

Hide is not security.