WTH- Why can't We Limit Logbook/History/DevTools/Maps to Admins Only/Specific Users

WTH- Why can’t We Limit Logbook/History/DevTools/Maps to Admins Only/Specific Users

With all the cool uses on tablets phones etc we need better access control to sensitive data particurally in History/Logbook/Maps etc.

Please see the two other threads that have been being ignored for quite some time.
Feb 21

+1 There’s no reason that my babysitter using the tablet, needs to be able to see where the wife and I are or any number of other things that aren’t explicitly set as available to that user.

Even if someone can make API calls etc. and that changing that would be hard to implement. Non-admins do not need to see these items on the side bar. Other sidebar items are currently able to be be shown or not to non-admins.

DevTools is admin only

I mean if that’s what you want then just remove those options from the sidebar. Open the sidebar and long-press on “Home Assistant” at the top then click the X to hide things. This information is only stored for this session but its not like the babysitter is going to log out and log in again or log in on some other device.

That is so not a workable solution. There are valid reasons to provide non-admins actual logins to the system. Not being able to limit distinctly administrative components from the UI without doing it per device and per login is not the answer.

8 Likes

Sure. And if that’s what WTH said then I would agree with you and wouldn’t have suggested what I did in the reply.

But that’s not what this WTH says. It basically says “how can I give my babysitter a pre-configured tablet that can’t easily let them track my wife and I”. To that I say you can, just hide the map in the sidebar.

There’s two other full threads(which I linked)describing a myriad of other problems with the way its implemented, such as a parent wanting to be able to use the mobile app to track their kids, but not having the kids track every movement of the parents. The point of WTH is to actually address these issues instead of coming up with some half-assed solution, like just hide it, it will stay hidden for the session.

4 Likes

Ok in that case why didn’t you just copy and paste the existing FRs or simply link to them? You re-phrased them into something which appears to be already solved. :man_shrugging:

Or just direct people to this one:

Didn’t see that one apparently i was sorting by views instead of votes. Well that’s awesome. RBAC just got another upvote from me.

1 Like

I read the whole discussion but I wasn’t able to get if there is at least a workaround to hide the following tab for al the users:
-Logbook
-Map
-History

In order to give access to user with having them to access information outside dashboards are given to them.

There is presently no way in HA to make the Logbook, Map, or History admin only. The only way to make them disappear is to disappear them for all users and that means taking control over what loads in HA. You would do this by reading over the docs on default_config

This is the most mind blowing thing about HA. Out of the thousands of hours of both paid and volunteer dev time over the course of years, that they cant implement even a basic form of Role Based Access Control… Meanwhile they are busy chugging along on “the year of the voice” great priorities.

7 Likes

This means that they will not simply disappear but they will be completely deactivated for all the users. Not even accessible via search tool from settings tab (which at the end is not accessible for other users).

Thank you

I didn’t say it was a useful disappear :wink: I’m not particularly happy about the lack of proper controls around those items. Especially since they do have the ability to lock it down. Seems to me that it’s just never become enough of a priority to finish the RBAC audits and clean things up :frowning:

1 Like

Quite fascinating… Why would one go through all the work of making such a complex platform, but then leave out features so basic, that the platform becomes essentially unusable in many scenarios?! :thinking:
In my case, it would be nice to able to limit stuff to what users actually need, simply to make it more user friendly and less messy/bloated. Apart from that I don’t really have the necessity for actually securely restricting access. But of course can see how this would be a deal breaker for many people. And I guess it’s kinda silly for basic features like this to just randomly be missing for such a long time. But you know, I’m sure it’ll get fixed, eventually… Probably once users that need this feature have long moved to another platform. :joy:

By the same token, I don’t see why I should have to log into an admin account to use those particular pages.

You shouldn’t have to. You should be able to choose whether you have to. That’s the point. :smiley:

still nothing?

While good to point out that there is no guarantee that things will be fixed. I assume that 1aranzant and others messages are more to do with what the hell does it take to get simple core functionality like RBAC, as opposed to “Year of the Voice”. For the amount of dev time they are putting into one more toy feature they could clean up a myriad of basic functionality.

  1. it’s not simple.
  2. if you want code changes to occur, make a feature request. A feature request already exists.

The core team works on what’s in their pipeline, I have no idea who creates that pipeline probably the owner of Home Assistant.

Outside the points above, nothing is guaranteed to be added to HA, even feature requests.

The only guarantee on an open source software package is: If you do the work, it will be added. If you don’t do the work, you’re waiting on someone else. Lastly, you can’t force anyone to do the work for you.

2 Likes

For some reason my fridge (which logs in automatically by IP as a non-admin user) stopped loading all graphs and history in widgets after an update. This isn’t my desired use of non-admin which is to just restrict people pawing at my fridge from deleting/renaming things etc.

Was there any progress on this topic and corresponding documentation/options?