WTH no access control

How is it possible that, in 2024, HA still has no mechanism to control, per entity, who is allowed to view or modify the state of entities? Same for actions! Arguably even the appearance of the existence of entities, and event monitoring, should be controllable.

I would like to be able to have my guests have their own dashboards, but they should not be able to change entities other than the ones I designate as changeable by them. Without access control, they can just open the web inspector and run whatever they want.

EDIT:

Ideally, there would be an interface that allows the administrator to add/remove entities (preferably with view+change or just view option) to a role. We already have something similar in the Voice assistant “expose to assistant” dialogs.

“Change” in this context also implies calling a compatible action, with that entity as a target, where the entity state will change, and “view” implies calling a compatible action that doesn’t change the state of the entity.

Then roles can be assigned to specific users.

Functionally, any entity not viewable by the user would be filtered out of the websocket/API for that user. Actions invoked on entities not in the users’s role set of entities would error out with either a permission denied error or act as if the entities don’t exist. This filtering automatically implies that logbook/history don’t show unviewable entities, and dashboard-initiated actions don’t change entity state for unchangeable entities.

Eventually the same mechanism can be extended to individual dashboards.

Please provide an option for an administrator to hide dashboards from the menu for specific users. Additionally, this option should extend to standard items like History, Logbook, and Media.

Thank you!

10 Likes

Re-opened. This is the Month of WTH. If this is the thing someone bothers, then that is fine.

This month is not just about low-hanging fruit, it is about letting the community speak their minds freely. We should not shut that down. Let the community speak, please.

…/Frenck

56 Likes

I agree, HA needs the ability to add a guest user. Such a user would be given access to only one dashboard. On this dashboard, the guest could control entities, see the more-info window of these entities, but could not go to the devices from which these entities come. Also, going to the history of entities would not be possible for a guest user. The sidebar and keyboard shortcuts for searching should also be blocked for such a user.

13 Likes

This, can confirm it’s a big annoyance actually.

I have basically everything on HASS and my family has access as well. Not having the ability to limit who can control what has the potential risk of them modifying everything else if they somehow break out of their own spaces and dashboards I gave them, as good as you can lock these down there isn’t much that prevents them from potentially going to all devices or breaking out of additional addons which put them into a kiosk mode.

12 Likes

+1 I am really hesitating to encourage my family members to use HA themselves as they will likely break things by mistake (as the UI is so powerful).
Configuring access permission to specific devices or specific entities (none, readonly, readwrite, full - including deleting it etc) will be huge

12 Likes

Without Access control HA is not suited for real-life family use. Is it really for just lonely enthusiasts?
Example real-life use case where HA fails:
I have 2 kids: 6 and 12yo, both are smart enough to poke around and find their ways around limitations.
I want my kids to use HA mobile app on their phones to control: Lights, thermostats, music in their rooms as well as request more hot water from Viessmann heat pump when they are about to take a bath.
I don’t want my kids to control anything in my office or bedroom or change other HA entities.
In addition to that I have set limits for when and how long the TV can be switched on. And when I turn it off it should stay off.

So I have created dashboards for my kids to use and all is nice until they click that pesky “search” button. Then search for TV entity and turn it on on their will. Or mess around with my lights at night, or … do kids stuff.

Access control should prevent the “what does this button do?” situation and keep Didi out of the Dexter’s lab.

Until then it’s a one man show only, unfortunately.

32 Likes

And along with this allow us to set the default dashboard on a device (per the logged in user) without needing to have access to the device.

the old defunct Compact Custom Header had a decent way of doing this so the code base to do this existed at some point.

6 Likes

This is the 3rd on my list here.

“3. Fine-grained privilege system. Example: the user logged in 7/24 on a wall mounted dashboard should not have access to all the entities, just those required for that particular wall panel. Basically an area/device/entity/service level read/write/execute privilege system.”

To put it into context: my Home Assistant beside many-many other things controls my house’s heating and hot water production. This means controling of a heat pump, a wood stove, an electric water heater, solar collectors, 6 electric valves, 4 pumps, 4 fan-coils with speed control installed for more than $30000.

6 Likes

That’s a great idea!

If it’s not possible to do it in this WTH, at least add an option to reserve the Media, Logbook and History onyl for admin.
Other dashboards will be visible, but empty if the tab in the dashboard has limited visibility. Not the best, but it works,

2 Likes

It would definitely be nice to set visibility per entity. That said, I currently get around this by creating separate dashboards for each member of the family and setting the visibility for the dashboard appropriately.

2 Likes

This already exists. See: https://community.home-assistant.io/t/how-to-remove-entries-from-the-sidebar/453377/2

1 Like

Currently you can not secure your system correctly. You can make dashboards, remove the search and assist buttons via some hacks, but in reality your system won’t be secure. The backend behind the UI exposes all the data to the user logged in. And that’s a problem as it makes Home Assistant a single-user application.

8 Likes

Thank you Tom, I did know about it.
The problem is that for my wife, that uses only a smartphone, I set it up in the app, removing all the menus she doesn’t need, but my (teenager) sons were able to re-add the menus, or use another browser in a pc, and go through the logbook/history, find the brother’s light and turn it off. :sweat_smile:

4 Likes

+1 here, because of kids - they can hack the HA and control anything, even I limit dashboards visibility

5 Likes

I would like to have the ability to set a default dashboard for a user, like so:

5 Likes

+1 from me.

HA is already the best home automation software out there, but the missing RBAC is a big, big bummer.

LOTS of people here in the forum requested that in the past 5 years, every year those posts did get a lot of votes - but unfortunately, nothing happened.

Maybe this year it will be different? I would very much welcome it!

16 Likes

You’re right Tom, I improved the description of the WTH.
Thank you.

Then this Is Roll Based Access Control for which there is already a WTH open. So I will merge your topic and votes there.

2 Likes