User Accounts for AdGuardHome #997
Comments
|
First we need to decide whether we can use the same UI for both administrator and a regular user. The problem is that currently if the server starts to respond with an error to all requests except
|
|
@szolin re-assigned this task to v0.103, I think it's too early for us to go this deep with users management. |
ghost
mentioned this issue
|
I didn't quite get the point of adding the "Language" settings into this panel. Based on my experience of the current version, obtaining language from the browser's request is quite enough. |
|
Regarding #1235 (comment) i think user account more convenient to preserve any changes, settings properly than simplified web panel without authentication and hold an account is not that much complex as #1235 (comment) mentioned. optionally able to use simple password, saved logins or without clear cookies etc. non-authentication accesses also make trouble when user needs to give personal desktop, mobile for someone else temporally or public devices in schools, classes, cafe etc. |
ghost
mentioned this issue
|
Like this idea - as a second iteration of this it could be nice to be able to have users authenticate through some SSO or LDAP service rather than having to manage them manually |
Please refer new changes above; i forgot to mention |
Agreed. OAuth 2.0 / OpenID Connect and SAML support would be amazing. There's a ton of awesome ready to go libraries out there. |
|
From #3243:
|
|
From #3806:
|
|
From #4426:
|
|
I think that this feature a multi user setup would be an overshoot and is not worth developing. Regards |
|
I would love this feature. Right now if I want to fetch AdGuard data like in Heimdal or other integrations, I need to provide my username and paassword which is used for admin access. A read only user would be much more secure. I guess this must not be an overshoot or overengineered solution with different ui or anything. Just a check if the user is admin or not on any set/update operations. |
Same here, I think a simple auth token would be sufficient. Ideally the access rights of the token could be restricted to e.g. only show info. I also think implementing a whole multi user system would be a massive overshoot. |
|
I'd love to have this! It'd be great if I could grant my partner access to our AGH instance to help manage our kid's stuff. |
|
It's only been 4 years, so I guess this is still in the consideration stage? root user default (and only) login is not within acceptable use policy for any such service. |
Enhance AGHome as a multi-user system that handles multiple simultaneous active sessions with role of administrators and standard users.
Benefits
(this way we can keep provide 'Client' feature for such administrator)
(Source: Ntopng)
https://www.ntop.org/products/traffic-analysis/ntop/
https://github.com/ntop/ntopng
Any other reasons?
To prevent implement #628
Above mentioned user roles seems extend the development task too much due other adguardhome users various expectations then i prefer suggest to discard user roles and use custom permissions method with 'Client Settings' for user accounts.
(that user also able to create sub-accounts for someone else, it reduce the fever falls to server administrator)
(additional option but it helps to avoid unwanted users. ex: avoid kids, co-workers create accounts for strangers)
(if no intention to add clients then it helps to keep current account default settings rather than no protection but it still possible to override)
(just lock all settings and we might need to use that individually for)
Preference
(this's an another column necessary to add next to 'main settings', 'block services', 'upstream servers')
(also let access to block/ unblock domains)
Filters
(it's possible to keep that under client settings too, so we can add necessary filter lists) #435
Locked settings effect
The text was updated successfully, but these errors were encountered: