WTH- Why can't We Limit Logbook/History/DevTools/Maps to Admins Only/Specific Users

Month of "What the heck?!"
#1

WTH- Why can’t We Limit Logbook/History/DevTools/Maps to Admins Only/Specific Users

With all the cool uses on tablets phones etc we need better access control to sensitive data particurally in History/Logbook/Maps etc.

Please see the two other threads that have been being ignored for quite some time.
Feb 21

+1 There’s no reason that my babysitter using the tablet, needs to be able to see where the wife and I are or any number of other things that aren’t explicitly set as available to that user.

Even if someone can make API calls etc. and that changing that would be hard to implement. Non-admins do not need to see these items on the side bar. Other sidebar items are currently able to be be shown or not to non-admins.

Admin only access for Logbook and History menus
Hide logbook and history for user
WTH why isn't it possible to have admin right to configure non-admin user e.g. Disable items from the sidebar
#2

DevTools is admin only

I mean if that’s what you want then just remove those options from the sidebar. Open the sidebar and long-press on “Home Assistant” at the top then click the X to hide things. This information is only stored for this session but its not like the babysitter is going to log out and log in again or log in on some other device.

#3

That is so not a workable solution. There are valid reasons to provide non-admins actual logins to the system. Not being able to limit distinctly administrative components from the UI without doing it per device and per login is not the answer.

5 Likes
#4

Sure. And if that’s what WTH said then I would agree with you and wouldn’t have suggested what I did in the reply.

But that’s not what this WTH says. It basically says “how can I give my babysitter a pre-configured tablet that can’t easily let them track my wife and I”. To that I say you can, just hide the map in the sidebar.

#5

There’s two other full threads(which I linked)describing a myriad of other problems with the way its implemented, such as a parent wanting to be able to use the mobile app to track their kids, but not having the kids track every movement of the parents. The point of WTH is to actually address these issues instead of coming up with some half-assed solution, like just hide it, it will stay hidden for the session.

3 Likes
#6

Ok in that case why didn’t you just copy and paste the existing FRs or simply link to them? You re-phrased them into something which appears to be already solved. :man_shrugging:

Or just direct people to this one:

#7

Didn’t see that one apparently i was sorting by views instead of votes. Well that’s awesome. RBAC just got another upvote from me.

1 Like
#8

I read the whole discussion but I wasn’t able to get if there is at least a workaround to hide the following tab for al the users:
-Logbook
-Map
-History

In order to give access to user with having them to access information outside dashboards are given to them.

#9

There is presently no way in HA to make the Logbook, Map, or History admin only. The only way to make them disappear is to disappear them for all users and that means taking control over what loads in HA. You would do this by reading over the docs on default_config

#10

This is the most mind blowing thing about HA. Out of the thousands of hours of both paid and volunteer dev time over the course of years, that they cant implement even a basic form of Role Based Access Control… Meanwhile they are busy chugging along on “the year of the voice” great priorities.

2 Likes
#11

This means that they will not simply disappear but they will be completely deactivated for all the users. Not even accessible via search tool from settings tab (which at the end is not accessible for other users).

Thank you

#12

I didn’t say it was a useful disappear :wink: I’m not particularly happy about the lack of proper controls around those items. Especially since they do have the ability to lock it down. Seems to me that it’s just never become enough of a priority to finish the RBAC audits and clean things up :frowning:

1 Like
#13

Quite fascinating… Why would one go through all the work of making such a complex platform, but then leave out features so basic, that the platform becomes essentially unusable in many scenarios?! :thinking:
In my case, it would be nice to able to limit stuff to what users actually need, simply to make it more user friendly and less messy/bloated. Apart from that I don’t really have the necessity for actually securely restricting access. But of course can see how this would be a deal breaker for many people. And I guess it’s kinda silly for basic features like this to just randomly be missing for such a long time. But you know, I’m sure it’ll get fixed, eventually… Probably once users that need this feature have long moved to another platform. :joy:

#14

By the same token, I don’t see why I should have to log into an admin account to use those particular pages.

#15

You shouldn’t have to. You should be able to choose whether you have to. That’s the point. :smiley: