I was adding my wife as a guest user after adding the mobile app to her phone.
When I logged in with her account, I went to check the device list to see if her phone had been discovered / added.
Just to check, I went to delete my phone from the device list, fully expecting a "you don't have permissions" type message. But instead, it deleted my phone, no problem.
What is the difference between a "guest" account and a "admin" account?
I need to do some more reading / understanding the purpose of the Local Hub Security Login. I turned it on at one point, basically got locked out, and needed to reassess what I was doing with it.
I WAS considering using HE hub to do my security for my business lication (locks and alarm) until I realized that ANYONE with a URL link to a dash board can access all of the devices on that dashboard with no login or password required.
This means that a disgruntled employee could share the URL with who ever they pleased and unlock the doors of the business, disable the alarm, etc....
I bought the HE hub because I thought I read that you could share only the devices that a person needed access to.
Apparently I interpreted wrong.
So unless someone can point to me a way of securely using this hub... its going in the trash...
A total free for all.
Not going to happen
This is correct. So if you don't want someone to access locks and sirens, then don't make those devices available on the dashboard that you give them access to.
Worse than that. With that link I can view any dashboard that is not pin protected and I can control any device whether itβs used on a dashboard or not. In fact with the uuid and oauth token I can control any device so long as the dashboard app is installed. Even if none of the dashboards are cloud enabled.
PS you need to change your dashboard OAuth token ASAP!
This is one of the many reasons my hub has been firewalled from the internet.
I do have ways to lock down a dash so people cannot access other devices (removal of the options buttons), but it is not something to post publicly (if used wrong it can really mess things up). If you need that options PM me to discuss.
Simply changing the dashboard number in the URL opens up a lot of access. I know it is on the development list but separate oAuth tokens per dashboard are needed.
At DASHBORD if you have a PIN#.
If using MOBILE APP + HUB WEB UI + SELECTING DASHBOARD it dose NOT opens, it goes in to a white screen but never askes for PIN#.
But then when using the movile PHONE APP if you directly select at the boton left coner dahsbord icon, everything is fine .