AdguardTeam / AdGuardHome

Network-wide ads & trackers blocking DNS server
https://adguard.com/adguard-home.html
GNU General Public License v3.0

User Accounts for AdGuardHome #997

Open ghost opened 4 years ago

ghost commented 4 years ago

Enhance AGHome as a multi-user system that handles multiple simultaneous active sessions with role of administrators and standard users.

Benefits

Screenshot_247 (Source: Ntopng)

https://www.ntop.org/products/traffic-analysis/ntop/ https://github.com/ntop/ntopng

Any other reasons? To prevent implementing https://github.com/AdguardTeam/AdGuardHome/issues/628


The above-mentioned user roles seem to extend the development task too much due to other AdGuard Home users' various expectations, so I would rather suggest discarding user roles and using a custom permissions method with 'Client Settings' for user accounts.


  1. Allowed networks - the range provided to a certain user (that user is also able to create sub-accounts for someone else; it reduces the fever falls to server administrator)
  2. Allow create accounts (an additional option, but it helps to avoid unwanted users, e.g. to prevent kids or co-workers from creating accounts for strangers)
  3. Use default settings (if there is no intention to add clients, it helps to keep the current account's default settings rather than no protection, but it is still possible to override)
  4. Lock button (just lock all settings, and we might need to use that individually for)
    • each main settings - safe search, safe browsing, parental control
    • each filter list - so we can prevent disable some filters
    • dns servers tab
    • blocked services tab

Preference (this is another column that needs to be added next to 'main settings', 'block services', 'upstream servers')

Filters (it's possible to keep that under client settings too, so we can add necessary filter lists) https://github.com/AdguardTeam/AdGuardHome/issues/435

Locked settings effect Screenshot_1

szolin commented 4 years ago

First we need to decide whether we can use the same UI for both administrator and a regular user. The problem is that currently if the server starts to respond with an error to all requests except get /querylog UI will show tons of error messages. So either:

ameshkov commented 4 years ago

@szolin re-assigned this task to v0.103, I think it's too early for us to go this deep with users management.

AngelFalse commented 4 years ago

I didn't quite get the point of adding the "Language" settings into this panel. Based on my experience of the current version, obtaining language from the browser's request is quite enough.

ghost commented 4 years ago

Regarding https://github.com/AdguardTeam/AdGuardHome/issues/1235#issuecomment-562979662

I think a user account is more convenient for preserving any changes and settings properly than a simplified web panel without authentication, and holding an account is not as complex as https://github.com/AdguardTeam/AdGuardHome/issues/1235#issuecomment-563309566 mentioned. Optionally, one is able to use a simple password, saved logins, or not clearing cookies, etc.

Unauthenticated access also causes trouble when a user needs to give a personal desktop or mobile to someone else temporarily, or on public devices in schools, classes, cafes, etc.

mountainsandcode commented 4 years ago

Like this idea - as a second iteration of this it could be nice to be able to have users authenticate through some SSO or LDAP service rather than having to manage them manually

ghost commented 4 years ago

@szolin First we need to decide whether we can use the same UI for both administrator and a regular user.

Please refer to the new changes above; I forgot to mention

timcappalli commented 4 years ago

Like this idea - as a second iteration of this it could be nice to be able to have users authenticate through some SSO or LDAP service rather than having to manage them manually

Agreed. OAuth 2.0 / OpenID Connect and SAML support would be amazing. There's a ton of awesome ready to go libraries out there.

ainar-g commented 3 years ago

From #3243:

  1. Add, remove and disable users;

  2. Password changes and disable it;

  3. IP and subnet restrictions (incl. access only from local networks or via unique url maybe, idk);

  4. Session frame time options (web_session_ttl?);

  5. Disable authorization entirely?

ainar-g commented 2 years ago

From #3806:

I would like the ability to create additional read-only users. I would like the ability to grant access to the */control/querylog path

fernvenue commented 2 years ago

From https://github.com/AdguardTeam/AdGuardHome/issues/4426:

Can you provide a way (in the yaml file) to actually disable the native authentication process for these kind of settings.

b255ea006 commented 1 year ago

I think that this feature, a multi-user setup, would be an overshoot and is not worth developing.

Regards

FallenAngel666 commented 1 year ago

I would love this feature. Right now if I want to fetch AdGuard data like in Heimdal or other integrations, I need to provide my username and password which is used for admin access. A read only user would be much more secure.

I guess this must not be an overshoot or overengineered solution with different ui or anything. Just a check if the user is admin or not on any set/update operations.

mietzen commented 11 months ago

I would love this feature. Right now if I want to fetch AdGuard data like in Heimdal or other integrations, I need to provide my username and password which is used for admin access. A read only user would be much more secure.

I guess this must not be an overshoot or overengineered solution with different ui or anything. Just a check if the user is admin or not on any set/update operations.

Same here, I think a simple auth token would be sufficient. Ideally the access rights of the token could be restricted to e.g. only show info. I also think implementing a whole multi user system would be a massive overshoot.
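
The restricted-token idea from the two comments above, as an added example (not AdGuard Home code and not written by any commenter): a non-admin token is limited to an allowlist of GET paths instead of being blocked per set/update operation, so endpoints nobody listed stay admin-only. The token table, `authorize`, `check` and the path `/control/example/set` are assumptions; only `/control/querylog` comes from the thread.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// tokenAdmin maps SHA-256(token) -> isAdmin. Constructed sample tokens; the
// token model is an assumption, not AdGuard Home's actual auth scheme.
var tokenAdmin = map[[32]byte]bool{
	sha256.Sum256([]byte("ro-sample-token")):    false,
	sha256.Sum256([]byte("admin-sample-token")): true,
}

// readOnlyGET is the allowlist for non-admin tokens: anything not listed here
// is denied, so newly added endpoints stay admin-only by default.
var readOnlyGET = map[string]bool{"/control/querylog": true}

// authorize returns the HTTP status the guard would answer with.
func authorize(r *http.Request) int {
	h := r.Header.Get("Authorization")
	if !strings.HasPrefix(h, "Bearer ") {
		return http.StatusUnauthorized
	}
	admin, known := tokenAdmin[sha256.Sum256([]byte(strings.TrimPrefix(h, "Bearer ")))]
	switch {
	case !known:
		return http.StatusUnauthorized
	case admin, r.Method == http.MethodGet && readOnlyGET[r.URL.Path]:
		return http.StatusOK
	}
	return http.StatusForbidden
}

// check builds a request and reports the decision; /control/example/set is hypothetical.
func check(method, path, token string) int {
	r := httptest.NewRequest(method, path, nil)
	if token != "" {
		r.Header.Set("Authorization", "Bearer "+token)
	}
	return authorize(r)
}

func main() {
	fmt.Println(check("GET", "/control/querylog", "ro-sample-token"))     // 200
	fmt.Println(check("POST", "/control/example/set", "ro-sample-token")) // 403
}
```

Storing only the token hash means a leaked config or database dump does not reveal usable credentials.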

joeyfigaro commented 7 months ago

I'd love to have this! It'd be great if I could grant my partner access to our AGH instance to help manage our kid's stuff.

HVR88 commented 3 weeks ago

It's only been 4 years, so I guess this is still in the consideration stage?

root user default (and only) login is not within acceptable use policy for any such service.