WTH2 - WTH!? No RBAC - Role Based Access Control? (Users & Groups rights)

It shows up for me in the Dashboards Settings option.

Edit: Interesting. It doesn’t show up in my new VM Installation. Hmm.

I am pretty ignorant of these kinds of things, but I think that is because they are not exactly dashboards but rather they are just shown there like some HACS extensions or integrations are.
Anyway, I solved my specific problem but thank you a lot for the help.

(Details about my problem: I was concerned about the fact that all users could access the cameras from the Media section. I solved it by downloading a HACS extension that enhances Home Assistant features, like giving the ability to enable/disable devices/entities as service calls. I then used these calls for two simple automations that disable the cameras when someone arrives home and enable them when everyone is out.)

Not only that, but it was also originally envisioned as a Home Automation platform that would unify the various hardware ecosystems that exist in the home automation world, and Lovelace was mostly intended as a means of viewing status, not actually controlling hardware directly.

Just yesterday I read some posts in the community about people that were facing these kinds of “situations” and better understood this philosophy behind Home Assistant myself (my profile was created some months ago but I started using it only a couple of days ago).
I respect it and after tinkering with the system and how it is made I completely agree, you are both right.

I figured out why this happened; if you install the history-explorer-card from HACS, it seems to modify the existing dashboard and makes it a real editable one.

With the death of the Life360 integration for mobile tracking of family members, I figure that’s ok, I’ll go with the fam installing the HA app.
But then I get stuck at this user permission issue, as I don’t want my kids fiddling.

Below would fix my issue, but I don’t see anything on the horizon.

And given how old this thread is, nothing doing here either.

So overall, getting a little backed into a corner.

Have a look into Traccar, it’s also an addon and might fulfill your needs…

1 Like

I was really shocked that there is no RBAC at all. I came from Domoticz, and RBAC has been available there for years. Maybe the programmers have no kids or are not married? :face_with_hand_over_mouth:

Or maybe the programmers haven’t seen any comments in this thread to convince them that making this change would fit in with the vision of a system that was open to all residents in a specific home. Apps and Web interfaces are fine for a status display, but can be inconvenient for everyday use if you don’t spend all your time looking at them.

The idea that a home automation system should always be 100% open to every user in the home is applicable to a VERY limited set of households.

Especially if that includes the ability to control things like HVAC and access control systems, let alone things like adding and removing users.

Does any home with kids really want to grant the ability to remove the parents’ ability to control the system to the creative and bright pre-teen in the household?

Consider a home where there is a home-owner and tenants who share common areas, but also have their individual spaces. Likely the homeowner wants to grant the tenant access to control certain things, but not others.

This doesn’t have to be full on RBAC (though that would probably be ideal), but at the very least, some level of per-resource access control truly is needed to make HA palatable to a very large percentage of use cases.

1 Like

To me, it’s not Home Automation if you’re using a smart phone, tablet or PC to turn on lights or change the temperature in the house. When I think of Home Automation, I think of walking into a room and the lights come on automatically, I come home to find the temperature set to the ideal temperature based on the time of year, or the lights come on when the sun sets. I’m sure that’s what Paulus thinks of, because he actually posted it clear back in early 2016 in a post on the Blog here.

If people don’t want their kids messing around with the system, use a strong password and change it regularly, as well as an administrator account username that isn’t easy for them to figure out. Of course, I know that people will balk at that because they would prefer to use SSO and 2FA so they don’t have to remember a multitude of passwords, but I much prefer the old way.

Which is what I do too, but there are times when you might want to change the colour or effects of lights or something like that. In these cases you will likely need to use the UI (or voice).

I do hope you are wrong, because this is still shown in /config/users in the user pop-up:

The user group feature is a work in progress. The user will be unable to administer the instance via the UI. We’re still auditing all management API endpoints to ensure that they correctly limit access to administrators.

As far as I know, that’s for allowing a normal user account to have administrator privileges, which is the opposite of the topic of this thread.

It’s the same topic. It’s about the ability to give or restrict admin access. It very clearly states that with the option, the user will NOT be able to administer via UI. And it says they are still checking API endpoints, meaning this feature is not yet complete. It doesn’t indicate at all that it will never be complete.

Also BTW, that blog post you mentioned is not really saying what you claim it is. It clearly states the need to be able to trigger things manually, but it pushes for voice control instead of the app. It specifically says that you should not automate everything, because automation must be flawless and getting it right 90% of the time is not enough. In my opinion you are presenting the opposite thought to what was written there. You wrote:

When I think of Home Automation, I think of walking into a room and the lights come on automatically, I come home to find the temperature set to the ideal temperature based on the time of year, or the lights come on when the sun sets.

Meanwhile the blog post:

You are not the only user of your home automation.

People tend to forget that they are not the only ones in their home. As the developer of your house you’re enthusiastic about the possibilities and are willing to overlook flaws. Chances are very high that the other people in your household have different hobbies and just want to mind their own business.

This means that everything you automate has to work flawlessly. If you successfully manage to cause a response to some stimulus 90% of the time, you’re going to have a disproportionately poor experience 10% of the time. A common automation that fits this pattern is to fade the lights when you start watching a movie or series in the living room. It only works if everyone is watching.

I’m just catching up on the ‘State of the Open Home 2024’ video from a day ago on YouTube right now and there is mention of putting some focus on access control this year… so hopefully we get some progress soon.

7 Likes

I doubt that the access control granularity will be on the entity level, like this post implies. I strongly think (based on past convos) that this will be introduced as dashboards that can be assigned to users that only allow control to what’s displayed on the dashboard. Not sure if more-info pages will even be accessible.

5 Likes

That’s already effectively available through the Kiosk add-on, but it’s really not sufficient as it does not prevent said users from hand-crafting URLs that get to things they’re not supposed to be fiddling with.

I know this isn’t something most people think of, and it’s probably not fine-grained enough for a lot of people, but you can restrict access to specific views (tabs on a multiple-tab Lovelace page) with the Visibility option.

The problem here isn’t so much one of how fine-grained the access controls are (at least from my perspective) as the fact that currently, there are no access controls at all. If you have access to any of the system, you have access to all of the system, whether you can see it easily or not.

None of the alternate tactics anyone has mentioned actually remove access, they merely “hide” things. That’s great if you are trying to avoid confusion, but it’s useless if you are also worried about mischief.

Unfortunately, since this was not baked into the design early on, it may be extremely difficult to add later, but it’s not going to get easier over time, so the sooner this is recognized as a need and work begins, the sooner this problem can be solved.

Unfortunately, there still seem to be many in this thread who don’t appear to understand that this is necessary, which may tragically require the creation of an alternative from scratch.

5 Likes