Option to disable arming from HA - FR
Drealine opened this issue · 7 comments
Hi
Thank's again for your hard work. The integration work well and it's usefull to have state sensors to make another automation.
So I've a FR to improve this integration and I would like to known if you're interested.
In my opinion, have a possibility to arm/disarm in HA is usefull but for me, it can make a security risk. Adding a possibility create a new risk too. So adding an option to disable the possibility to arm/disarm can be good.
Let me know :)
Thank's!
Isn't this supposed to be solved on higher level for your HA instance ? restricting users to certain entities?
I would rather implement requirement to "put in the code" to disable. And option for providing the code is there already.
Yes I already see that. But maybe put in the code directly the option to disable can prevent a security issue instead of using a code to arm/disarm. HA instance is for large users exposed to internet. If frontend is exposed to a vulnerability, an intentional user can see the code in integration page.
Yeah.. I think HA should not be exposed to internet.
If the user has access to HA... there are way to still do bad things...
I can add configuration option. Default opt-out of settings up control panel. But it will might be added later.
Yeap, I have the same proposal, I think the same of Drealine.
Very thank you for your work petrleocompel.
@Drealine @enrico-stronati big question is the users are administrators ? if not... You can just hide the "alarm control panel" and expose only "status of entity".
Or take a look on templates -> https://www.home-assistant.io/integrations/alarm_control_panel.template/
And hide the original entity, disable arming and disarming actions and only administrators has access to the original entity.