petrleocompel / hikaxpro_hacs

HACS repository of Hikvision Ax Pro integration for home assistant
MIT License

Option to disable arming from HA - FR #90

Open Drealine opened 7 months ago

Drealine commented 7 months ago

Hi, thanks again for your hard work. The integration works well and it's useful to have state sensors to make another automation. So I have a FR to improve this integration and I would like to know if you're interested.

In my opinion, having the possibility to arm/disarm in HA is useful, but for me it can be a security risk. Adding a possibility creates a new risk too. So adding an option to disable the possibility to arm/disarm can be good.

Let me know :) Thanks!

petrleocompel commented 7 months ago

Isn't this supposed to be solved on a higher level for your HA instance? Restricting users to certain entities?

petrleocompel commented 7 months ago

I would rather implement a requirement to "put in the code" to disable. And the option for providing the code is there already.

Drealine commented 7 months ago

Yes, I already saw that. But maybe putting the option to disable directly in the code can prevent a security issue, instead of using a code to arm/disarm. The HA instance is, for a large number of users, exposed to the internet. If the frontend is exposed to a vulnerability, an intentional user can see the code in the integration page.

petrleocompel commented 7 months ago

Yeah... I think HA should not be exposed to the internet. If the user has access to HA... there are ways to still do bad things...

I can add a configuration option. Default opt-out of setting up the control panel. But it might be added later.

enrico-stronati commented 7 months ago

Yep, I have the same proposal, I think the same as Drealine. Thank you very much for your work, petrleocompel.

petrleocompel commented 1 month ago

@Drealine @enrico-stronati the big question is: are the users administrators? If not... you can just hide the "alarm control panel" and expose only the "status of entity".

Or take a look at templates -> https://www.home-assistant.io/integrations/alarm_control_panel.template/ And hide the original entity, disable the arming and disarming actions, and only administrators have access to the original entity.
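
The template approach suggested in the last comment, as an added example that is not part of the thread or of the integration's own code: a template alarm control panel that mirrors the real panel's state and defines no arm or disarm actions. The entity ID `alarm_control_panel.ax_pro`, the name and the `unique_id` are placeholders, and the `template:` YAML layout is assumed to be the one accepted by the installed Home Assistant release.

```yaml
# configuration.yaml (added example; all names below are placeholders)
template:
  - alarm_control_panel:
      - name: "AX Pro status (read-only)"
        unique_id: ax_pro_status_read_only   # constructed value
        # Mirror the state of the integration's real panel entity.
        # Replace alarm_control_panel.ax_pro with the entity ID from your instance.
        state: "{{ states('alarm_control_panel.ax_pro') }}"
        # Deliberately no disarm / arm_away / arm_home / arm_night keys:
        # with no action defined, this panel has nothing to run when
        # someone presses arm or disarm on a dashboard.
        # No alarm code is stored in or requested by this entity.
        code_format: no_code
        code_arm_required: false
```

Put only this entity on the dashboards that non-administrator users see, and keep the original entity hidden from them, as the comment above describes.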