WTH no access control

Kids! So many of us have graduated from single to couple (OK, we can be the IT help there) to children. And kids have tractor hands. RBAC would basically close the gate on potentially destructive actions (I don’t want an enterprising 7 year old shutting off a gas valve!).

5 Likes

Mine is the breaker boxes. But same exact use case. Some things simply don’t need access by all users. There needs to be a security model

And that model needs to be zero trust guest and standard user off by default they get access to NOTHING unless explicitly exposed to the guest or non priveliged user.

Id even go so far as preferring thag they get sequestered into one dashboard and everything that goes on that dashboard throws an error until it’s ‘allowed’ in the security model.

1 Like

While not an easy thing to implement it should definitely be a target for next year’s improvements. +1

Hass is good but really have som things missing that are basic for a “smart” home system.

User access control for devices, scenes, dashboards etc is fundamental and I really hope that we get this prioritised.

I would also appreciate the option to actually lock the hamburger menu, (not have it shown) and only navigate with buttons in a GUI that i control, very useful for smart home panels.

can this be merged with WTH Why is there no easy logging of user acivity? - #2 by potelux ?

and this WTH There's no "who changed a switch" sensor?

If anything, that would be merged into this one, not the other way around.

2 Likes

That WTH is unrelated to this one.

1 Like

This is a significant concern for me as well from a safety perspective. I can connect my Unifi router to HA and this exposes entities for firewall entries. This is great from an automation perspective, but basically nobody in the house should be able to fiddle with those. I’ve considered running multiple HA instances, but to me that’s too much overhead and sidesteps the issue that HA should be able to handle it internally in a single instance.

6 Likes

I would like permissions for what users are able to open the sidebar history, map, logs and media tabs.

Usecase: i have friends as users in my hass instance. They have access to a single dashboard view. Yet they are able to see logs and history at will. I, as an admistrator, would like to hide these sidebar options for those users so they can basicly only see the single dashboard i wand them to see.
Admin options are already hidden for users.

2 Likes

Thanks for sharing! I’m Annika, User Researcher at Nabu Casa. I’m trying to get a better understanding of the user needs and pain points around access control.

Can you please elaborate why a privilege system feels important in the context of Home Assistant being used to control your house’s heating and hot water production? What challenges or concerns are you looking to address with it?

Why do you want to hide Media, Logbook, and History? And from who?

(I’m Annika, User Researcher at Nabu Casa trying to understand the needs and pain points associated with access control better :slight_smile: )

1 Like

As I understand there are different pain points arguing for the access control: reducing information for other home members, for example to avoid them breaking sth, or restricting access for children.

But your argument goes in another direction, right? Who is it that you don’t want to see the data as a logged in user and why? What’s your concern?

(Hi, I’m btw Annika, User Researcher at Nabu Casa trying to understand the pain points and needs behind this WTH better :slight_smile: )

2 Likes

Hello Annika, Because it’s ridiculously easy for a user to gain access to things which should be considered ‘elevated’ from those panels (which generally are not useful to generic users). (you get the more info panel, which can turn on /off/read any entities that list there)

Most of us responding this way come from a philosophy of ‘zero trust’

Which basically assumes if I have not EXPLICITLY given you access to something. You simply should not have access.

So the answer in ALL of these cases should be

EVERYONE except for the super ADMIN. (Yes in this case I really mean EVERYONE)
Because we have not EXPLICITLY said they can.

Thats who and why.

7 Likes

Similar to this point, it isn’t really that we want to hide things from nefarious actors as much as it is that providing the least access possible is good practice that can prevent unwanted changes.

I have a young child who loves to control the colors of our Christmas tree lights, but with a few accidental clicks, suddenly my Inovelli light switches are changed out of Smart Bulb mode and now all of the smart bulbs don’t work. This is a case where the intent is not nefarious, but access to those details/controls should never have been allowed.

7 Likes

wow, that’s simple… i set it up, i don’t want other people in the house to mess it up, lol. imagine coming back from work, wanting to take a shower and not being able to because there’s no hot water. is it critical? nope. is it desirable? easy.

Don’t forget that it is Home Assistant, but does not mean that it should be reduced to just home “members”. No home member or guest should be allowed to view/do anything I don’t explicitly allow them to.

1 Like

Hey, everyone!

We absolutely understand the concerns passionate admins have around access control. If it were simple, we’d have already implemented it. :wink: We know that a lot of people want their household members or guests to have very limited access in their homes, but still make specific things accessible to control.

Annika is here trying to get more information from you all - we can’t build something for only one group of people but your insight is incredibly valuable. So far the only feedback I’ve noticed here is “because I want to control things”, let’s dig further into that! Why is that important to you? Does the other household members ever express they’d like to be able to do something?

Some feedback recently has been that decisions appear to have been made without talking with the community. Our Researcher on the Product Team wants to make sure your perspectives are included in these conversations. Let’s try to remember that when responding. :slight_smile:

(Additionally, it’s helpful to remember that even though you admin your house, people like being able to have access to stuff. For example, you wouldn’t be an IT admin at work and say employees couldn’t access their devices at all - you just cut off things they can change and manage the group policies.)

5 Likes

And we’re trying to help. The biggest hurdle here is that for all of the these different scenarios the best way to start is to take everything down to a level of least privilege and then start layering access on. If you go digging in into the code some of this was started a long time ago (years) with the addition of a default Admin group and everyone else group. I would have to go looking for PRs releated to it but there was a comment about needing to go through all the API and making sure that everything was called correctly.

It’s been several years now and several things stand out to me:

  1. No additional work seems to have actually been done on it
  2. These groups are only definable via YAML
  3. They don’t really do anything other than limit some dashboard access
  4. New services keep getting added that really should be admin by default but are not and there is no way to limit them without turning it off completely by taking control of the default_config.

Yes, you have a bunch of IT admins asking for this feature, but we’re doing it for the betterment of all here, not (just) because we’re control freaks. Yes, several of us are, but we’re really just trying to minimize problems with our smart homes.

I have a small child, I don’t want to have access to being able to do certain things, or access certain things but they’re smart enough to be able to click around on the UI and find a way to modify things they shouldn’t by way of things like the History system (which really should be admin only) which can also get you to the logbook which then allows you to see a lot more devices and then get their controls.

I also use HA at rental properties and I really, really, really want to give my guests a kiosk tablet to allow them to control some of the features of the house (say thermostat schedules) but I have to go through a lot of extra programming of the UI that they get just to make sure they can’t get to things like the history or logbook to avoid them messing with things that they shouldn’t be able to!

5 Likes

Let me phrase it this way.

Talking about what you would like to be able to do is more insightful than telling us how we should build it. How we build it is largely irrelevant in this conversation. We can’t build solutions without knowing the problem first - and the problem most people have here are the security aspects of this, totally fair. One thing the community at large often forgets is that there different perspectives of what “security” looks like to individuals.

Andrew, your last 2 paragraphs are super helpful! Understanding exactly what you would like to control helps us understand how to best tackle things. I’m curious in your latter point, with the rentals, you state guests not tenants. This to me sounds like you would end up being off-premise in order to troubleshoot things. This might be more of a curiosity thing on my side more than anything else: do you remotely troubleshoot when they run into issues currently and how’s that process look to you? Could you see improvements here? How would you expect to be able to smoothly remote into the device to help in a future with access control?

3 Likes

That is written in the people management page in settings in HA, when you add it edit a person with the administrator toggle off.

Also there was this, 5 years ago:

"This feature is however unfinished. We need to audit the Home Assistant code to make sure that all APIs and service calls check the users permissions. "

And a call to action. No idea what happened afterwards.

Either way, I’m really glad this is now getting more attention from Nabu Casa.