Ok, so i searched the documentation and also the community forum to find an answer to this question but couldn't find one, so i'm posting it here in hopes to have some clarity. When you add an additional user to your hubitat via the portal, and they are provided "guest' what "access" does a guest user have? Is it something like just to be able to open a dashboard and use said dashboard, vs an "admin" can build, change, manipulate the dashboards, devices, basically the whole system? I ask cause i provide a couple friends and family access to my old wink and had a little granularity on what they could and could not do with devices. I'm looking to have a similar setup with HE. If guests users are able to access and run items from a dashboard only via local web or HE app, AND i build said dashboard for them to use, then that works for me. Sorry i got a little long winded in typing, basically i'm just wanting a clear description of what a "guest" vs "admin" has the ability to do. Thanks!
From what I understand:
You can control what others can see by locking down the dashboards that are available with a pin. You need to create specific dashboards for them to use and lock the others down with a pin. and not allow their dashboards to be editable. Dis-allow them being able to click on the dashboard name to get to other dashboards.
It is VERY important that when building your dashes, you do NOT choose "Include all devices" and manually choose what devices are exposed to each dashboard. Even the ones meant for your use. Ticking that toggle opens a bunch of new problems and is not recommended by HE. (I'm not sure why they don't just remove that toggle).
Unfortunately, I don't know of a way to restrict access by any other means at this time. I don't use sharptools. It could be a feature there. Perhaps someone will weigh in on that.
Thanks april, i know that was a long drawn out post that i originally posted, but i follow what you are saying, and that was my initial though, though you put it into digital words better than i did lol.. i guess the only think i don't get at this point is what is the "guest" vs "admin" allow or deny when assigned to a user. i really just want to know what a "guest" is able to do/see from the hub itself again vs the "admin". i think my background I.T. security is probably mudding my brain a bit lol..
Thanks again for your input.!!!
where do you see this?
Like, I'm literally clicking all over in my app settings and in the ui and can't find where you can differentiate.
sorry to have you running all over the app.. so from what documentation i did find about adding users to HE, it's under the portal.hubitat.com. here's the specific document i'm talking about:
How to change accounts linked to your hub - Hubitat Documentation
... And under promoting users, there is "guests" that you CAN promote to admins.
I guess what i'm trying to figure out is what is the access difference between "guest" and "admin".. again, I.T. security brain here, trying to figure out the differences in these "groups" (if you want to call them).
Leave it to me to go down the rabbit hole HEHEHEH!!
The hub (admin UI) itself and the Hubitat Portal are two separate logins. The hub can only have one login, effectively an administrator, or it can have no login at all (open access) if you leave it as it is by default or later remove the local user you created.
What you're looking at above is the Hubitat Portal login. An "admin" here can do the fully gamut of things, like adding/removing other (including guest) users. Hubitat Portal logins can be used to sign into the Hubitat mobile app (not the hub admin UI). One reason you might want to add a "guest" account here is for presence--someone else in your house could add the app, sign in to the app with their guest account, and create presence device on your hub for their phone, but they won't be able to log into the Hubitat Portal website and, say, add other users. (Note that you can't actually create an account here; as the UI says, it has to be an account that was already created. They could do that for themselves, or you could do it for them.)
I'm pretty sure they'll still have access to that hub's Dashboard apps, or at least this post from shortly after the introduction of the app (I don't recall any big changes since then) says that the above is pretty much the only difference:
If restricting Dashboard access is a concern, the PIN feature mentioned above is one option; otherwise if you don't need the app for other reasons (like presence), you could simply share the local or cloud link with them and disable the options for that Dashboard that would allow you to navigate back/up and see a list of all Dashboards for that hub. If you have editing features enabled for that dashboard, a guest would still be able to do that (but a hub admin could go to Apps > Hubitat Dashboard and change any of these settings).
That was exactly what i was looking for!!.. i just wanted to know what the differences were, and you answered that. Thank you for your input!!.
3 posts were split to a new topic: New Documentation