With the project stop of custom-header (@mayker thanks for your great work) I’m missing some functions in Home-Assistant.
Remove the menu sidebar for defined users
Remove the 3-Dot menu for defined users (menu top right)
In my opinion, most of the options in the profile-settings should also be able to be set by the “administrator” (depending on the authorization set, the user cannot change them).
When I think of the future of home assistants, it makes sense to expand with a central user administration. Something like this:
This ensures that you don’t ban yourself (if you deactivate the sidebar-menu):
The sidebar-menu could only be activated in the ‘Users’ group. This option should be deactivated for the Administrator groups. The two groups (Administrator & Users) already exist.
Correct. I use this for displaying to a tablet, though, and it works great for that purpose. There are other requests for ACL-like control over items, but that’s a really involved bit that likely won’t happen for a very long time.
Then the function of these feature requests does not yet exist. So, let’s vote
The feature requests Control Sidebar items (I assume you mean this) are only about the content of the menu sidebar. In the meantime, this is possible, but also only per device. In my feature requests, the admin should also be able to define the content of the sidebar for the other users.
I don’t know why it should be. That functionality already existed (and still works yet) in custom header. They could incorporate that work into core.
My understanding is that the devs don’t want to do it because it’s too complicated for users.
mayker
(maykar (pronounced "maker" with a southern accent))
11
Per user controls on kiosk-mode exist now. Also, be on the lookout for another project in the works that will do the same for the 3 dot menu and more in the header no ETA yet.
mayker
(maykar (pronounced "maker" with a southern accent))
14
That one is a bit more complicated, but I am thinking on the best way to add something like conditional configs based on entities. This won’t be handled with template rendering, but could be handled with a template sensor.
Ultimately, I would like to create a simple way for some of my projects, and any project that wants to steal the code, to be able to use certain conditions to change config based on:
If user is admin
If user is not admin
Per user conditions
Entity state/attribute conditions (only one not implemented in kiosk-mode yet)
Once that is done I want to add it to some of my other projects and create an example for others to use. No ETA of course, lot’s of stuff on my plate.
No Jinja in the frontend kind of stuff, maybe js, but probably just config driven.
wow, yes, that’s really what we need with the demise if CH.
hope you get around to it, and please throw it at us in a beta state so we can help testing it.
btw, the example above could of course be written in a non template way, if you want to prevent overloading the add-on with templates
great. can’t wait. since that is the functionality I use for kiosk mode, I’ll wait for that to happen. thanks for continuing the works and securing the CH legacy.
@mayker Thanks a lot! That’s exactly, what I (and I Think o lot of other users) looked for.
About the implementation in the HA-core: If you bring your nice tool on the core, maybe you can influence the core-team, to exband the user-roles (like my picture upper)
An ACL is quite different than what you’re asking for, but I’m pointing out that it may already be on a roadmap.
An ACL (Access Control List) does more than just hides icons from people; it prevents them from actually being able to take certain actions. Right now, just hiding something like the Configurator doesn’t make it completely inaccessible, it just means you have to know how to get to it. This is an extreme example, but it can be used for more minor things, like preventing guests from being able to arm or disarm the alarm system, unlock doors, or turn on/off certain switches/lights, etc.
From a security perspective, an ACL will be much better to both hide things from the user and prevent them from accessing or modifying all-together. Thinking about the long-term, it’d be better to put efforts into a system like that than throwing some insecure band-aids and trying to support those.
I absolutely agree with you. If something is going on (even if not implemented tomorrow) I am satisfied. Especially with the current solution from @mayker . It would be cool if @maykers “hidden solutions” were integrated into the ALC. Can someone make the connection to the ACL-project-team for @mayker ?
