WTH no access control

I think some people (like me) didn’t answer because all of their concerns were already written (kids, home employee…).
I know I’m not representative but 6 of 7 people I know who are using HA are waiting for this feature, and for most of them if a competitor to HA introduces a RBAC system, that alone would be enough to make them switch to a different home automation platform.

Could this RBAC system lead to dashboard configuration saved on HA and not anymore in the browser session? Small win for me :slight_smile:

6 Likes

Well, as far as I know, they do plan to address the User Acceptance Factor (I don’t think the official chosen label makes sense since a person’s home isn’t self-aware) by working on improving security, so perhaps this will happen this coming year.

I really want to simplify the UI for my spouse and kids. Too many UI options are overwhelming. I can ignore them, but I need to present something simpler for them.

Can we extend what we did for assistants? For Assist/Alexa/Google, there’s a way to expose entities to those devices. That’s basically what I want but at a user level.

5 Likes

@anakinsbrn , @MissyQ
Let me describe it better for you:

I own a house and I have integrated a lot of smart stuff in it:
Lights, Covers, Garage Gate, Door Locks, Heating System (heatpump, thermostat, etc), Alarm Panel and security sensors, Security cameras, Robot Vacuums, Multimedia, and so on. I use Home Assistant to have a centralized Control and Automation System.

As an “installer”, “admin”, “maintainer” and “the main user” of the system I understand very well how the system functions, how to change and modify things and also know how “not to break” it or fix it if it breaks. Obviously I need to have full control and access to everything in the system.

My family also enjoys our smart home. They like the convenience of automated climate, doors, gates, lights. But sometimes they need to control things on demand. One example would be: change light colors. Another one: change mode and temperature of the ventilation system. Yet another one: request more hot water from the heat pump. For some of these actions I have installed dedicated controls: buttons, switches, etc. But a lot of controls and also automations are possible only via a rich GUI. In our case it is the Home Assistant mobile app.

I have designed a number of dashboards for my family to use, everyone likes it, end of story.

But there are some issues related to current implementation of HA:

  1. Not all my smart devices are equal. Some are there for fun (multimedia) or for comfort (lights, climate). Others are needed for proper house operation (ventilation system, heat pump, boiler, circuit breakers, sensors, etc). Some are critical for my family’s safety and my property’s security (alarm system, cameras, locks, garage gates, etc).
  2. By installing the Home Assistant app on my family members’ devices I virtually grant those devices full control over each and every device. This includes critical infrastructure and security systems. Custom dashboards explicitly expose controls for some of the devices and entities, but other “critical” devices and entities are “visually” hidden. Not secured, not protected, just hidden. And the bad thing: there is still access to them through the app. Via search, via history, via hacking into the backend with the least privileged “kid” user credentials.
  3. Mobile devices can and will get into the wrong hands. Sometimes people lose their phones, sometimes classmates or friends get unauthorized access, sometimes hackers get remote control over them. Anyone who gets access to a phone with the HA app connected to my Home Assistant can open my garage door or any door lock, turn off circuit breakers, damage my heating system, turn on the alarm siren, and do a lot of bad things to my property. It is really easy in the current HA app. Even if it were hidden at the UI level but accessible at the backend, a malicious actor would still be able to do damage with the least privileged “kid” account.
  4. My kids are explorers. If there is any way to break into “hidden” settings, they will get in. They will poke around. They will break things. This is OK. It is my responsibility to set up the system properly and protect critical infrastructure. I expect HA to help me secure that. It does not.

I need HA to help me really protect what needs to be protected: critical devices, configs, automations.

Security through obfuscation or through hidden UI elements will only get you so far. Proper Access Control at the backend level is A MUST for HA to be considered “Family friendly”; I’m not even talking about business use-cases. Today HA as is, unfortunately, is just an “admin-only” system.

Until proper Access Control is implemented, unfortunately there is only one option: block all users except admin and uninstall the HA app from my family members’ phones. It’s a major drawback.

6 Likes

I like your thought processes, and had a lightbulb moment of something that should also be considered, certain objects should only be accessible if on WIFI or VPN, but not via reverse proxy or Nabu Casa.

For example my smart locks or garage door opener.

This would be for the same concern you have about mobile devices running the HA app, but also could apply to any means of access (browser on a laptop, etc).

That would enormously complicate the initial implementation of access control. And it’s also easily spoofable, aside from the IP address range for the source device.

I recommend, if you don’t want some devices to have access to certain entities, to not use the same user account for those devices. Of course, that assumes that at some point we do get access control and those separate user profiles can be blocked from having access to those devices.

I think if you look at the overhaul of user security in HA to make all these changes (not just role-based access control, but external authentication providers, single sign on, etc.), it is not a “one and done” deal - I suspect it would be a multi-stage approach, much like “Year of Voice” was. So my suggestion might not be in the first implementation, or the third, but could be considered down the road, once the base framework is there.

Yes, my idea would focus on IP address ranges, which would make it harder to spoof (HA already supports auto-login based on IP addresses, so some of that framework may already be there). It could also be based on the existing presence detection in my WIFI router that HA already uses.

In my smart home today, it would be a single device (mine), that already has safeguards (biometric unlock of the HA app in addition to biometric unlock of the phone) that make it increasingly difficult for a bad actor to gain access to my home, but I’m just thinking in a multi-layer redundant approach (for example even when the HA and phone are locked, I can still access HA in Android Auto, and right at the top under “Covers” is the garage door - a feature I use a lot because I practically have to park in the driveway outside my door for the non-smart remote to be in range, whereas with HA, I can start it opening as soon as I can see it, and it will be fully open by the time I get there).

2 Likes
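The exchange above asks for a second layer on top of user permissions: certain entities should only be controllable from the LAN or VPN, not through a reverse proxy or remote access, and the reply points out that anything except the source address range is easy to spoof. The added example below (not Home Assistant code, not from either poster; network ranges, proxy address and function names are constructed assumptions) shows the part that is easy to get wrong: a client-supplied `X-Forwarded-For` header is only believed when the TCP peer is a proxy you control, and even then only the last hop that proxy appended is used.

```python
import ipaddress
from typing import Optional

# Constructed home-network ranges (LAN and VPN) and the one reverse proxy
# we trust to append X-Forwarded-For. Addresses are assumptions.
LOCAL_NETWORKS = [ipaddress.ip_network("192.168.1.0/24"),
                  ipaddress.ip_network("10.8.0.0/24")]
TRUSTED_PROXIES = {ipaddress.ip_address("192.168.1.2")}

# Entities that must only be controlled from a local or VPN origin.
LOCAL_ONLY = {"lock.front_door", "cover.garage_gate"}


def effective_client_ip(peer_ip: str, forwarded_for: Optional[str]):
    """Decide which address to trust. X-Forwarded-For is free text from the
    client; it is honoured only when the TCP peer is a proxy we control, and
    then only the last entry, which is the one that proxy appended itself."""
    peer = ipaddress.ip_address(peer_ip)
    if peer in TRUSTED_PROXIES and forwarded_for:
        return ipaddress.ip_address(forwarded_for.split(",")[-1].strip())
    return peer


def is_local(ip) -> bool:
    return any(ip in net for net in LOCAL_NETWORKS)


def classify_origin(peer_ip: str, forwarded_for: Optional[str] = None) -> str:
    return "local" if is_local(effective_client_ip(peer_ip, forwarded_for)) else "remote"


def control_allowed(entity_id: str, peer_ip: str,
                    forwarded_for: Optional[str] = None) -> bool:
    """Origin check layered on top of (not instead of) per-user authorization:
    local-only entities are refused from any remote origin, whoever the user is."""
    if entity_id in LOCAL_ONLY:
        return classify_origin(peer_ip, forwarded_for) == "local"
    return True
```

With a cloud relay or a reverse proxy that is not in `TRUSTED_PROXIES`, the peer address is the relay's, the header is ignored, and the request is treated as remote; that is the intended failure mode, since a forged header from an untrusted peer would otherwise turn a remote request into a "local" one.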

Good take, I agree.

I may have commented on this subject in a previous year of WTH. But for me the biggest issue is my front door. I want to offer others a “key”, but at the moment that gives these temporary-access people far too much access.
Also I would like the ability to create a user that is backed by modern authentication like SAML or OAuth. That way I can set up a user, add them to the “front door during work hours” group (I am thinking a script would add and remove permissions), and they can run up HA on their phone, log in with their existing web ID and get access to what they need and nothing else.

My main scenarios:
Kids - They just started to walk home from school by themselves; we would like to install the companion app on their phones for easy notification when they leave the school area. We don’t want them to be able to modify automations, control any appliances or even see the sidebar, so the companion app is out of the question for now. They should only have access to specific dashboards.
Spouse - Not technically interested, just want to have access to the absolutely minimum necessary controls, the rest is just noise that causes frustration.
Guests/Kiosk - Should have access to control trivial things like a subset of lights, entertainment system, etc. Should only have access to specific dashboards, no sidebar.

1 Like