Announcement

Collapse
No announcement yet.

How to Set Up User-Level Access in HomeSeer

Collapse
This is a sticky topic.
X
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to Set Up User-Level Access in HomeSeer

    Rich enhanced user level access a few releases ago with very little fanfare. If you didn't read the release notes, you probably weren't aware of this. Here's a quick little video showing up some of these cool new tweaks:

    website | products | support | youtube

  • #2
    Thanks for posting this Mark. Will z-tool+ be updated at some point to work with local logins enabled? I would like to enable this in the near future as my boys' computer knowledge will likely exceed mine in the near future, but don't want to lose the z-tool functionality. [emoji3]

    Thanks
    Al


    Sent from my iPhone using Tapatalk
    HS 3.0.0.532: 1963 Devices 1141 Events
    Z-Wave 3.0.1.261: 122 Nodes on one Z-Net

    Comment


    • #3
      Originally posted by sparkman View Post
      Thanks for posting this Mark. Will z-tool+ be updated at some point to work with local logins enabled? I would like to enable this in the near future as my boys' computer knowledge will likely exceed mine in the near future, but don't want to lose the z-tool functionality. [emoji3]

      Thanks
      Al


      Sent from my iPhone using Tapatalk
      What do you imagine your kids would do with Z-Tool+? curious...
      website | products | support | youtube

      Comment


      • #4
        How to Set Up User-Level Access in HomeSeer

        Hi Mark, I don't want them using ztool +, I want to use it, but my understanding is that it doesn't work if local logins is enabled. I want to give my boys access to certain devices in HS and restrict access to others so want to enable local logins.

        Thanks
        Al


        Sent from my iPhone using Tapatalk
        HS 3.0.0.532: 1963 Devices 1141 Events
        Z-Wave 3.0.1.261: 122 Nodes on one Z-Net

        Comment


        • #5
          Originally posted by sparkman View Post
          Hi Mark, I don't want them using ztool +, I want to use it, but my understanding is that it doesn't work if local logins is enabled. I want to give my boys access to certain devices in HS and restrict access to others so want to enable local logins.

          Thanks
          Al


          Sent from my iPhone using Tapatalk
          I see what you mean. When you need to add devices to your network with Z-Tool+, just untick the setting. After you're done, tick that setting again. I'm guessing you're not adding/deleting devices all that frequently, right? The alternative would be to require a login in ZTool+, which would make everyone always have to log in manually to use it. Since most people don't have the need for user-level access, that would be complicating things for the majority to make life easier for the few.
          website | products | support | youtube

          Comment


          • #6
            How to Set Up User-Level Access in HomeSeer

            Seems like that is defeating the purpose of z-tool. I'd have to use the web interface first so that I don't have to use the web interface for the zwave plugin [emoji1]. How about an option in z-tool that allows you to configure if you want it to prompt you for login credentials?

            Cheers
            Al

            PS I could argue that most people should be running with local logins enabled as security by obscurity is really not good enough these days... [emoji12]


            Sent from my iPhone using Tapatalk
            HS 3.0.0.532: 1963 Devices 1141 Events
            Z-Wave 3.0.1.261: 122 Nodes on one Z-Net

            Comment


            • #7
              Originally posted by sparkman View Post
              Seems like that is defeating the purpose of z-tool. I'd have to use the web interface first so that I don't have to use the web interface for the zwave plugin [emoji1]. How about an option in z-tool that allows you to configure if you want it to prompt you for login credentials?

              Cheers
              Al

              PS I could argue that most people should be running with local logins enabled as security by obscurity is really not good enough these days... [emoji12]


              Sent from my iPhone using Tapatalk
              If everybody enabled local logins, this would be a no-brainer and we'd simply force a login with Z-Tool+. However, very few opt for that and for good reason. If a thief is logging into your system locally, he's probably already in your house, in which case... you've got bigger problems than unauthorized HS access!
              website | products | support | youtube

              Comment


              • #8
                User access not working in HS3Touch

                Mark

                I have edited many many devices to create a much smaller list of devices for my wife to access. When I log in as her from the Web UI, either locally or externally via my own domain the user access settings are honoured correctly.

                When I log in using her account from HS3Touch externally using my own domain the user controls are ignored and she can still see all the devices that I removed access for. Haven't tried internally yet as not at home

                Win 10 Pro
                HS3 .206
                HSTouch Server .75

                Her account is of the type "Normal" with Event access but no access to Counters/Timers or Logs

                I am probably missing something obvious

                Cheers
                James
                cheeryfool

                Comment


                • #9
                  Originally posted by macromark View Post
                  If everybody enabled local logins, this would be a no-brainer and we'd simply force a login with Z-Tool+. However, very few opt for that and for good reason. If a thief is logging into your system locally, he's probably already in your house, in which case... you've got bigger problems than unauthorized HS access!
                  That's why I'm asking for an option that accounts for both scenarios (no pun intended ). I'm not worried about a thief breaking into my house that way. There are enough rocks in my yard that it's easy for any one to come in that wants to come in. However, I'm worried about my kids, wife or house guests accidentally doing something to my HA system that they shouldn't be doing and I'm also worried about some hacker group somewhere launching an attack on HS systems at some point in time just to prove that they can and maybe unlocking all doors and turning of all thermostats in the middle of winter. From my perspective the latter is a matter of when, not if, as the number of IoT and connected homes grows.

                  IMHO a strong security framework will be a must if HS wants to stay a leader in the HA space. To me this means that security must be able to be seamlessly applied without having to turn it off to allow some functionality to work. Hardware devices such as the z-net should be password protected, the web server should use a current version of SSL, etc, etc.

                  Cheers
                  Al
                  HS 3.0.0.532: 1963 Devices 1141 Events
                  Z-Wave 3.0.1.261: 122 Nodes on one Z-Net

                  Comment


                  • #10
                    I agree. The Z-tool should have the same configuration settings found in HSTouch client. Once credentials are entered, they can be remembered for seamless logon as required.
                    Mike

                    Comment


                    • #11
                      Originally posted by sparkman View Post
                      the web server should use a current version of SSL
                      On this piece, Rich mentioned that the new versions of HS3 (I think it was .205 and later) had been modified to use the inbuilt Windows web server (presumably IIS), instead of the legacy version previously built in to HS. I would have hoped that would solve this, but I didn't get any confirmation when I asked.
                      cheeryfool

                      Comment


                      • #12
                        Originally posted by mwaite View Post
                        I agree. The Z-tool should have the same configuration settings found in HSTouch client. Once credentials are entered, they can be remembered for seamless logon as required.
                        We'll look into it. FYI though... Z-Tool+ only has the ability to add/remove devices IF YOU ARE IN THE HOUSE. So again... from a security perspective, you have much bigger problems than if someone is actually in your house. Truthfully, even without Z-Tool+, you can still foul up someone's network with a little Z-Stick.
                        website | products | support | youtube

                        Comment


                        • #13
                          I think the real risk is that if someone launches z-tool and select add or delete, then someone else turns on a light switch, z-tool might pick it up to add or delete.
                          HS3Pro Running on a Raspberry Pi3
                          64 Z-Wave Nodes, 168 Events, 280 Devices
                          UPB modules via OMNI plugin/panel
                          Plugins: Z-Wave, BLRF, OMNI, HSTouch, weatherXML, EasyTrigger
                          HSTouch Clients: 3 Android, 1 Joggler

                          Comment


                          • #14
                            Originally posted by rmasonjr View Post
                            I think the real risk is that if someone launches z-tool and select add or delete, then someone else turns on a light switch, z-tool might pick it up to add or delete.
                            Delete would be the only possibility. There's no way to add a node that's already on the network. Also, delete only works in direct range. It won't work over routing.

                            Again though... what's the likelyhood that someone would go to all this trouble to mess up someone's network? What would be the end-game? You can't control any devices this way... you can't unlock a lock with Z-Tool+!
                            website | products | support | youtube

                            Comment

                            Working...
                            X