Open ankycooper opened 1 year ago
This is how ZoneMinder implements it.
With #1074 closed for comments, I wanted to still be able to share my use case, hoping that if one day auth (and user roles) are implemented in frigate, this will be considered as a hopefully common use case and will be covered.
I run Frigate, HomeAssistant, Zwave UI, Victoria Metrics etc in docker, all in the same home server. Each app minus Frigate allows me to use basic auth and some (HA) also define roles
The problem with frigate: huge security and usability gap, since Frigate UI is needed to access the video recordings, however the UI exposes everything allowing anyone to turn on/off video recording, change basic configuration etc. The UI is needed for regular users (my wife and kids) because video playback in the Frigate Card inside HA is hit and miss, likely due to Android not being able to play some of the clips - and also because the Frigate UI is in general much better to explore and find clips from the different cams.
The ask: please implement basic auth and at least the two essential roles; admin and regular-user. Allowing only admins to change any configuration, to start or stop detection or recordings, and not exposing those functions to regular-users.
The better that Frigate gets (and it's awesome at this point, thank you devs), the more we need basic auth and user roles.
Another thumbs up for this feature. (fwiw, Authorization is spelled wrong). I created the above request, which maybe is a simpler entry lift for adding some kind of RBAC without having to build user web interface forms, and using an external proxy for authentication, that provides roles via Headers to Frigate (eg. Authentik). Then later, expand upon the roles provided for more access control.
Another vote up for user roles.
At least admin and a view only role would be the minimum, bit I do like what has been laid out above. I have a use case for a large scale Frigate deployment to replace 4 x NVR's running ~120 cameras.
The minimum requirement would be at least 2 users admin and view only.
Recommendation: Make this a part of "Frigate +" and I'd be more than happy to pay.
Thanks for an amazing product... I now run Frigate at home having tossed out my useless Dahua NVR and now run 3 cameras including turning my backyard PTZ Amcrest camera into an AI smart tracking and follow camera (it's couldn't do that...) - all on a small N100 powered CPU with a Coral TPU. Amazing!
A vote up from me aswell. I want to be able to limit a user to a camera or a group of cameras
Another upvote from me. I was all set on Frigate and super excited, but then realized no user roles. I looked into the Traefik Forward Auth and other suggestions (never heard of that stuff--big learning curve). I agree with others that just doesn't seem like the proper method. My setup is pretty simple with HAOS and the Frigate Integration. I just wanted it all on one little machine. Until this is implemented, I don't see how I can use Frigate.
HI Everyone i just one add that this feature is really a game changer for frigate I'm looking to convince my company to use it and perhaps contribute to the project, but the lack of user management is just not ok for professional use
Describe what you are trying to accomplish and why in non technical terms Different levels of access for different users
Describe the solution you'd like A clear and concise description of what you want to happen.
Roles:
subject (user-id) / role/scope can be passed via token from IDP but has to be enforced by Frigate
Describe alternatives you've considered A clear and concise description of any alternative solutions or features you've considered. None
Additional context Add any other context or screenshots about the feature request here.