Access control - "user role" - Definition and exemple

Hello,

Can someone explain me exactly what is “user role” and what it means? I know that when we add a user in the Karaf console, we can add them with a role. This role can be used for example as explained in the openHAB documentation Building Pages - Components & Widgets | openHAB to know which user can see the widget and the component and this post Is openhab 3 multiuser? - #25 by tarag also explains how to add multiple roles for a user by modifying the userdata/jsondb/users.json file.

I am using openHABian, so my questions are: can someone explain to me what a user role means and in which application it can be used (for the visibility/access of the different page, homepage, sitemap, widget, …)? If possible, please give me some examples. And where can I find the file userdata/jsondb/users.json?

These answers will help me a lot because I am trying to improve the access control of the different users of openHAB.

Thanks in advance.

Nicolas Gennart.

The user role cannot access the settings menu when logged in. They can only access the pages in MainUI.

Essentially what you see when you do not log into MainUI at all is what a user will see. You can disable that so a user must log in to see anything.

You further have the ability to hide elements on pages based on the user’s role.

The user only exists in openHAB and can only be used to log into MainUI and access parts of the openHAB REST API. openHABian is completely uninvolved. It only applies to openHAB itself.

1 Like

Thank you very much for your answer, it is clearer.

And where can I turn off the visibility of the main interface for the overview, locations, equipment and properties so that the user has to log in to see them? Because I’ve tried it and I couldn’t get it to work.

And I have another question, a user can only see the page and cannot, for example, turn on/off a light by performing an action on a page with a switch?

Settings → API Security → Turn off Implicit User Role

If they can see it they can interact with it.

1 Like

Ok thank you,

Can we configure it for certain users with roles or for the overview, locations, devices and properties, this is only possible by doing Settings → API Security → Enable/Disable implicit user role?

And I don’t know why but when I disable the API implicit user role, I’m using temperature and the temperature of my item will disappear like that:

And when I enable it again it displays that (as before):

You can only configure visibility by role, not individual users.

1 Like

Thank you and do you know why I have this bug when I disable the API implicit role?

I’ve not seen that behavior reported. All I can recommend is to do a refresh of the page after changing the config and if the problem persists file an issue.