Announcement

Collapse
No announcement yet.

How to Set Up User-Level Access in HomeSeer

Collapse
This is a sticky topic.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Fellhahn
    replied
    I know this is an old thread, but seeing as lombarj has already resurrected it, I'm left with a question after reviewing user access.

    Neither the video in the original post or the HomeSeer help file seems to adequately describe purpose of the "Guest" user type?

    If a user is set to to "Guest", are they automatically excluded from the "Any User" collection unless explicitly defined on a device?

    Leave a comment:


  • lombarj
    replied
    I recently installed a Hometroller Zee S2 in a 40 person ski house. I need backup admins and for training purposes I would like tech savvy people to have read-only access so they could view events and all settings without being able to change anything. Once they're familiar I can allow them full access. Is there a way to give read only access to the entire system?

    Leave a comment:


  • macromark
    replied
    Originally posted by rmasonjr View Post
    I think the real risk is that if someone launches z-tool and select add or delete, then someone else turns on a light switch, z-tool might pick it up to add or delete.
    Delete would be the only possibility. There's no way to add a node that's already on the network. Also, delete only works in direct range. It won't work over routing.

    Again though... what's the likelyhood that someone would go to all this trouble to mess up someone's network? What would be the end-game? You can't control any devices this way... you can't unlock a lock with Z-Tool+!

    Leave a comment:


  • rmasonjr
    replied
    I think the real risk is that if someone launches z-tool and select add or delete, then someone else turns on a light switch, z-tool might pick it up to add or delete.

    Leave a comment:


  • macromark
    replied
    Originally posted by mwaite View Post
    I agree. The Z-tool should have the same configuration settings found in HSTouch client. Once credentials are entered, they can be remembered for seamless logon as required.
    We'll look into it. FYI though... Z-Tool+ only has the ability to add/remove devices IF YOU ARE IN THE HOUSE. So again... from a security perspective, you have much bigger problems than if someone is actually in your house. Truthfully, even without Z-Tool+, you can still foul up someone's network with a little Z-Stick.

    Leave a comment:


  • cheeryfool
    replied
    Originally posted by sparkman View Post
    the web server should use a current version of SSL
    On this piece, Rich mentioned that the new versions of HS3 (I think it was .205 and later) had been modified to use the inbuilt Windows web server (presumably IIS), instead of the legacy version previously built in to HS. I would have hoped that would solve this, but I didn't get any confirmation when I asked.

    Leave a comment:


  • mwaite
    replied
    I agree. The Z-tool should have the same configuration settings found in HSTouch client. Once credentials are entered, they can be remembered for seamless logon as required.

    Leave a comment:


  • sparkman
    replied
    Originally posted by macromark View Post
    If everybody enabled local logins, this would be a no-brainer and we'd simply force a login with Z-Tool+. However, very few opt for that and for good reason. If a thief is logging into your system locally, he's probably already in your house, in which case... you've got bigger problems than unauthorized HS access!
    That's why I'm asking for an option that accounts for both scenarios (no pun intended ). I'm not worried about a thief breaking into my house that way. There are enough rocks in my yard that it's easy for any one to come in that wants to come in. However, I'm worried about my kids, wife or house guests accidentally doing something to my HA system that they shouldn't be doing and I'm also worried about some hacker group somewhere launching an attack on HS systems at some point in time just to prove that they can and maybe unlocking all doors and turning of all thermostats in the middle of winter. From my perspective the latter is a matter of when, not if, as the number of IoT and connected homes grows.

    IMHO a strong security framework will be a must if HS wants to stay a leader in the HA space. To me this means that security must be able to be seamlessly applied without having to turn it off to allow some functionality to work. Hardware devices such as the z-net should be password protected, the web server should use a current version of SSL, etc, etc.

    Cheers
    Al

    Leave a comment:


  • cheeryfool
    replied
    User access not working in HS3Touch

    Mark

    I have edited many many devices to create a much smaller list of devices for my wife to access. When I log in as her from the Web UI, either locally or externally via my own domain the user access settings are honoured correctly.

    When I log in using her account from HS3Touch externally using my own domain the user controls are ignored and she can still see all the devices that I removed access for. Haven't tried internally yet as not at home

    Win 10 Pro
    HS3 .206
    HSTouch Server .75

    Her account is of the type "Normal" with Event access but no access to Counters/Timers or Logs

    I am probably missing something obvious

    Cheers
    James

    Leave a comment:


  • macromark
    replied
    Originally posted by sparkman View Post
    Seems like that is defeating the purpose of z-tool. I'd have to use the web interface first so that I don't have to use the web interface for the zwave plugin [emoji1]. How about an option in z-tool that allows you to configure if you want it to prompt you for login credentials?

    Cheers
    Al

    PS I could argue that most people should be running with local logins enabled as security by obscurity is really not good enough these days... [emoji12]


    Sent from my iPhone using Tapatalk
    If everybody enabled local logins, this would be a no-brainer and we'd simply force a login with Z-Tool+. However, very few opt for that and for good reason. If a thief is logging into your system locally, he's probably already in your house, in which case... you've got bigger problems than unauthorized HS access!

    Leave a comment:


  • sparkman
    replied
    How to Set Up User-Level Access in HomeSeer

    Seems like that is defeating the purpose of z-tool. I'd have to use the web interface first so that I don't have to use the web interface for the zwave plugin [emoji1]. How about an option in z-tool that allows you to configure if you want it to prompt you for login credentials?

    Cheers
    Al

    PS I could argue that most people should be running with local logins enabled as security by obscurity is really not good enough these days... [emoji12]


    Sent from my iPhone using Tapatalk

    Leave a comment:


  • macromark
    replied
    Originally posted by sparkman View Post
    Hi Mark, I don't want them using ztool +, I want to use it, but my understanding is that it doesn't work if local logins is enabled. I want to give my boys access to certain devices in HS and restrict access to others so want to enable local logins.

    Thanks
    Al


    Sent from my iPhone using Tapatalk
    I see what you mean. When you need to add devices to your network with Z-Tool+, just untick the setting. After you're done, tick that setting again. I'm guessing you're not adding/deleting devices all that frequently, right? The alternative would be to require a login in ZTool+, which would make everyone always have to log in manually to use it. Since most people don't have the need for user-level access, that would be complicating things for the majority to make life easier for the few.

    Leave a comment:


  • sparkman
    replied
    How to Set Up User-Level Access in HomeSeer

    Hi Mark, I don't want them using ztool +, I want to use it, but my understanding is that it doesn't work if local logins is enabled. I want to give my boys access to certain devices in HS and restrict access to others so want to enable local logins.

    Thanks
    Al


    Sent from my iPhone using Tapatalk

    Leave a comment:


  • macromark
    replied
    Originally posted by sparkman View Post
    Thanks for posting this Mark. Will z-tool+ be updated at some point to work with local logins enabled? I would like to enable this in the near future as my boys' computer knowledge will likely exceed mine in the near future, but don't want to lose the z-tool functionality. [emoji3]

    Thanks
    Al


    Sent from my iPhone using Tapatalk
    What do you imagine your kids would do with Z-Tool+? curious...

    Leave a comment:


  • sparkman
    replied
    Thanks for posting this Mark. Will z-tool+ be updated at some point to work with local logins enabled? I would like to enable this in the near future as my boys' computer knowledge will likely exceed mine in the near future, but don't want to lose the z-tool functionality. [emoji3]

    Thanks
    Al


    Sent from my iPhone using Tapatalk

    Leave a comment:

Working...
X