Dashboards can be deleted by unauthenticated users

C8 2.3.8.128
Anyone that knows the local LAN link to a dashboard can modify or delete without any authentication. This leaves the Hubitat UI exposed to anyone on the network.

I understand that only trusted users would know the link but trusted users are not always intelligent users and can unknowingly modify or delete things.

I would like to see the ability to modify or delete tiles removed from the local LAN link functionality. Only authenticated users with the correct permissions should be able to modify or delete things.

2 Likes

Can you be more specific? It seems like you might be talking about two different things.

This option is already available (though it's not LAN-specific) in any Dashboard:

Lock down dashboard so no changes can be made in the Web UI of this Dashboard (option under "Advanced" section in Dashboard app)

If you are also talking about access to the hub admin UI, that isn't really Dashboard-specific but can be controlled by enabling this feature:

https://docs2.hubitat.com/en/user-interface/settings/hub-login-security

Or is there something else?

4 Likes

I'll try the lock down dashboard settings to see if it accomplishes what I need. I already use the hub login security.

Thanks

If your goal is to prevent users from editing a dashboard (intentionally or unintentionally), then that is precisely what the feature @bertabcd1234 referenced is intended to do.

You might also want to toggle off the switch that says “allow logo click to go back to dashboard menu.” This will prevent the user from accessing another dashboard that you didn’t intend for them to have access to.

The documentation for dashboards is here, if you need to review the available features.

3 Likes