undefined | Better HN

0 pointslocaltoast2y ago0 comments

> - Those limited accounts? I use undocumented HomeAssistant APIs to lock them down to specific entities

Mind sharing your process to achieve what sounds like successful implementation of the much-requested ACL/RBAC support?

0 comments

"successful" is a very optimistic way of looking at it. it has several downsides but largely works for my needs:

- read access is mostly available for sensors, even if access wasn't granted.

- some integrations (especially custom integrations) don't care about authorization. my fork mentioned in the blog does, because I explicitly added logic to authorize requests. the HomeAssistant authorization documentation is outdated and no longer works. I looked through the codebase to find extensions that implement it for an example. maybe I should submit a PR that fixes the doc...

- each entity needs to be explicitly allowed. this results in a massive JSON file.

- it needs a custom group added to the .storage/auth file. this is very much not officially supported. however, it has survived every update I have received so far (and I always update HomeAssistant)

I will share what I did in detail when I get some time on my hands

localtoastOP2y ago

Much appreciated. Sounds as if you're way out of spec. Still; should be interesting to go through your methods.

j / k navigate · click thread line to collapse