User roles in OH1.8/2

Hi to all,

I have tried OpenHAB 1.8 already. It works great. But there is one unclear thing for me. There is users.cfg file. I can use authorization option and i can create diggerent users, but I didn’t find how to get authorization status in OH.

I’d like to make separate interfaces for different user groups or at least for different users (eg. admin, guest etc.). Is it possible to do such things in OH1.8/2? I will be grateful for some tips about this topic.

1 Like

This is not possible in openHAB v1.x. I am hoping there will be role based authentication in v2.0 but I haven’t had a look yet.

I guess creating different sitemaps one could achieve something close to what you want.

I didn’t try OH v2 yet. It will be great if it has such functionality. Different sitemaps is a good idea, but how to get information what user has been logged in the system? I can change visibility of different objects too, But I don’t know how to get user name or user role.

That is part of the solution. Really what you would need to do is use a reverse proxy, perform the authentication on that reverse proxy and based on which user logs in forward the request to a different sitemap. I’m not 100% certain this is possible with something like ngnix but eventually plan to try it out for kicks.

You can’t. I don’t even think the username gets printed to the logs.

The idea is clear, thanks. But this solution is not good. I’m going to use Android and IOS applications. They will be failed to work with such solution, am I wrong? I need to assign different access rights for different users. It should be stored in database or somewhere else. It will be to difficult to develop separate sitemap for every user (it should be many users with different roles). It would be great to build dynamic sitemap according username or user role, but I have no idea how to get such information in a sitemap.

If you are talking about my reverse proxy suggestion it will work on Android and iOS. You just provide different authentication information and the reverse proxy handles the rest.

Typically this is handled by creating a limited number of roles (e.g. admin, user, guest) and assigning users to one of these roles. And then you would need to create a separate sitemap for each role and the reverse proxy sends the traffic to the appropriate sitemap based on the user’s role.

The user to role mapping and the role to sitemap mapping is indeed stored in a database, but it is the database used by the reverse proxy. not OH.

This simply cannot be done on OH 1. I don’t know about OH 2 but suspect the answer is no there as well. Also, in my experience, creating a dynamic sitemap with a bunch of visibility flags or similar for each user would be WAY more work than writing separate sitemaps for each role.

Thank you for the reply. Your solution is good, but it could not fit to my needs.
What I’d like to get now:

  • few admins to manage user accounts, user roles and access rights to groups of devices;
  • many users who can do something with groups of devices.

The problem is that admin should allow access to some groups of devices for each user. Groups of devices are similar, but each user should have access only for defined numbers such groups. Eg. user1 should have access to device groups #1, #2, #3; user1 should have access to device groups #3, #5, #8; etc. Device group could be organized as sitmap. But it is a problem to transfer allowed device groups list for current user at the moment.

OpenHAB looks very nice, but it looks like I can not use it for such purpose.

I have launched OH2 already, But I didn’t find something connected with user account/roles there.

1 Like

I do not see anything in your description that makes my proposed solution technically unfeasible.

But regardless, realize that OH was designed to be for Home Automation, where the typical home will have between one and lets say 6 users. If you have more users than that, perhaps a more commercial/industrial oriented automation software would be more appropriate.