Ability to manage access to Panels

[fribse]

The request

As we use the HA more and more also as a GUI for the smarthome, and not just an automation tool, it really needs to have better user seperation and control. It's nice that you can limit certain pages from being shown to certain people, but the 'logs' and 'history', edit frontpage menu and other standard pages also needs to be excempted for certain users by choice.

Then there is nice to haves: Disable card-types for specific users (ie. all camera cards, or switch cards)

The alternatives

I've tried limiting access to the top menu with Custom Header but that is then for all users, not just for the one currently logged in. With the new 0.107 I can create multiple frontends, but despite that it is very nice, that just doubles/tripple/quadrupels the work for setting up the UI.

Additional information

[SeanPM5]

Configure UI menu button should already be covered by the permissions system. Regular users will not be able to edit the user interface, clicking that button will just show a help menu. That will also hide other things like the Configuration panel and Developer Tools from the sidebar.

So make sure that your children accounts are set to "User" and not "Administrator" .. Newly created accounts are created as admins by default unless you manually go in and change it afterwards. I have an issue about that here https://github.com/home-assistant/frontend/issues/3604.

Logbook and History will still appear in the sidebar though, yeah. I do kind of agree those should be hidden, and probably even the Map too.

[fribse]

Well, what is needed is a proper ACL system. I would very much like to have a way to also hide specific tabs in the main window. I have so far circumvented it with using the 'user' as you point out, which I had already set up, and then Custom Header to hide specific tabs, and the menu. That works, but it is a hack, and should be part of a real ACL.

[bramkragten]

You can hide tabs from users in core, no need for custom header.

An ACL system is in the works for some time, but a lot of work to implement. You are more than welcome to help.

[fribse]

I known ACL is a lot of work, especially when it's an afterthought. I thought it was Custom Header that provided the 'hide tabs' function, I am using it, but of course, it's sort of a security-by-obscurity solution :-) I wouldn't mind helping out, unfortunately I have no real experience in coding, I work as a DevCon, but there the Dev part is targeted quite differently towards bash scripts to do small tasks for automation, so I think most of you would prefer that I didn't butt in :-) Having worked within the confines of a REALLY good ACL (Novell Directory Services) and a not so good (Active Directory Services) and a very simple on (Linux) I do have some experience in how they should be made, so I could set up a test system here if needed.

[Misiu]

@fribse try https://github.com/iantrich/restriction-card it's not ideal (you will still have map and logs in the menu), but you will be able to secure cards

[SylvainGa]

Hi, I too would like to limit some sidebar items view from the kids but although not what I want, here's something I found that can hide/rearrange some items from the side bar:

https://github.com/Villhellm/custom-sidebar

[rjulius23]

You can hide tabs from users in core, no need for custom header.

An ACL system is in the works for some time, but a lot of work to implement. You are more than welcome to help.

@bramkragten It would be really important for us, how can we jump in and help ? What is the Issue, branch, user story related ?