Apologies if this feature request already exists, but I couldn’t find anything similar.
I would love to see a feature that allows for more granular access control in Home Assistant. Specifically, it would be great to have the ability to restrict access to specific devices, entities, automations, scripts, etc., for specific users.
Example implementation:
- Default Access Levels:
  - Admin accounts should have full access to all devices, entities, automations, scripts, etc.
  - Non-admin users should, by default, have no access to any devices, entities, automations, scripts, etc.
- Customizable Access Permissions:
  - It would be beneficial to define different levels of access for each user or user group, such as:
    - Level 0: Invisible - The entity is completely hidden from the user.
    - Level 1: Read-Only - The user can only see the status of the entity.
    - Level 2: Control - The user can control the entity (e.g., turn a device on/off or adjust the brightness of a light).
    - Level 3: Edit - The user can rename the entity and change its area assignment.
    - Level 4: Edit Automations/Scripts - The user can edit related automations and scripts.
    - Level 5: Full Control - The user can edit access levels, delete the entity, and have complete control.
- Access Level Hierarchy:
  - Access levels should follow a specific hierarchy, where the most specific settings override the more general ones:
    - Global Access Level: This is the default level applied when no other access level is specified.
    - Area-Based Access Level: Overrides the global access level if no label-based or user-specific level is set.
    - Label-Based Access Level: Overrides both global and area-based levels if no user-specific level is set.
    - User-Specific Access Level: This is the highest priority and overrides all other settings for individual users.
  - Entity Access Level Overrides Device Access Level: In cases where specific entities within a device have their own access levels, those levels should take precedence over the general device access level. For example, if a light is generally set to “read-only,” but the on/off control entity is set to “control,” the user should be able to turn the light on and off.
- Access Levels by Category:
| Access Level | Device | Entity | Script/Automation |
|---|---|---|---|
| Level 0 | Invisible | Invisible | Invisible |
| Level 1 | Status only visible | Status only visible | View what the script/automation does |
| Level 2 | Control (e.g., On/Off) | Control (e.g., On/Off) | Execute, but not edit |
| Level 3 | Edit (e.g., Rename, Change Area) | Edit (e.g., Rename, Change Area) | Edit (e.g., Rename) |
| Level 4 | Manage related scripts/automations | Manage related scripts/automations | Edit scripts/automations |
| Level 5 | Full Access (Edit, Delete, Manage Access, etc.) | Full Access (Edit, Delete, Manage Access, etc.) | Full Access (Edit, Delete, Manage Access, etc.) |
This table outlines how access levels should apply differently across devices, entities, and scripts/automations. It also clarifies that entity-specific access levels can override the broader device access level.
This feature would significantly enhance security and usability in shared environments. Thank you for considering this request!
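The precedence rules requested above, sketched as a resolver. This is an added example, not part of the original post and not Home Assistant code; `Entity`, `Policy`, `effective_level` and the `GUEST` sample are hypothetical names. It assumes "user-specific" means a level set directly on a device or entity for that user, and that when several labels match, the most restrictive one applies.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from enum import IntEnum

class Level(IntEnum):  # levels 0-5 as listed in the request
    INVISIBLE = 0
    READ_ONLY = 1
    CONTROL = 2
    EDIT = 3
    EDIT_AUTOMATIONS = 4
    FULL_CONTROL = 5

@dataclass(frozen=True)
class Entity:  # hypothetical record, not Home Assistant's registry entry
    entity_id: str
    device_id: str | None = None
    area: str | None = None
    labels: frozenset = frozenset()

@dataclass
class Policy:  # hypothetical per-user policy
    is_admin: bool = False
    global_level: Level | None = None
    by_area: dict = field(default_factory=dict)
    by_label: dict = field(default_factory=dict)
    by_device: dict = field(default_factory=dict)  # user-specific, device-wide
    by_entity: dict = field(default_factory=dict)  # user-specific, one entity

def effective_level(policy: Policy, entity: Entity) -> Level:
    """Resolve from most specific to most general; the first match wins."""
    if policy.is_admin:
        return Level.FULL_CONTROL
    if entity.entity_id in policy.by_entity:  # entity overrides device
        return policy.by_entity[entity.entity_id]
    if entity.device_id in policy.by_device:
        return policy.by_device[entity.device_id]
    labelled = [policy.by_label[l] for l in entity.labels if l in policy.by_label]
    if labelled:  # assumption: the strictest matching label wins
        return min(labelled)
    if entity.area in policy.by_area:
        return policy.by_area[entity.area]
    if policy.global_level is not None:
        return policy.global_level
    return Level.INVISIBLE  # non-admin default: no access

# Constructed sample policy for a guest user.
GUEST = Policy(global_level=Level.READ_ONLY, by_area={"living_room": Level.CONTROL},
               by_label={"security": Level.INVISIBLE}, by_device={"lamp": Level.READ_ONLY},
               by_entity={"light.lamp_power": Level.CONTROL})
```

A permission check is then a comparison such as `effective_level(GUEST, entity) >= Level.CONTROL`, evaluated on the server for every state read and service call so that hidden entities are never sent to the client.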