Restricting non-administrator users via Home Assistant in car play & android auto #3298
Replies: 2 comments 1 reply
-
|
User management option is something that needs to come top-down from Home Assistant Core, please request it there. Even if the App makes a workaround for that, user would still be able to access all scripts/scenes through the API if they want, so it’s not really secure anyways. As soon as Home Assistant itself handles user access level, the app will inherit from it. |
Beta Was this translation helpful? Give feedback.
-
|
I understand what you're saying. I would be happy if you also wrote to them about this topic because it's very important. After working so hard to build a system for users, especially those who aren't administrators, suddenly they have access to everything and it's mind-boggling. |
Beta Was this translation helpful? Give feedback.
-
|
You're not the first that request user access level, it's a big topic in Home Assistant community, unfortunately the implementation is also a big change, I suggest to vote on one of the topics in HA Community or request the feature there and collect votes. https://community.home-assistant.io/ |
Beta Was this translation helpful? Give feedback.
-
I really can't understand the logic of this whole issue of opening the car play option to all users without controlled control, in my opinion it's one big bug and a security hole in the system.
For example, I run an office with 20 users who are not defined as administrators at all. They are just regular users without extended access to the system. I also use kiosk mode.
And now what happens is that as soon as a user who is not an administrator in the system connects his phone to his car or uses iPhone shortcuts, he actually has full access to all automations, scripts, and more...
This way my system is really exposed to the operation of a user who is not an administrator. It's very bad. I don't know what to do anymore. Everything I built is destroyed because of this.
You need to make an option in the system settings to allow the user to see the car play option or shortcuts on mobile, tablet, etc....
Please call this quickly and make a user management option.
And not restrict through the user's own device, but restrict through the Home Assistant server
This is very important because without this option, this whole thing goes against the Home Assistant management rules
And it's the same on Android
Beta Was this translation helpful? Give feedback.
All reactions