Users and Security

Libre Home strives to achieve the maximum level of security and privacy protection.

We designed a custom security model that is optimal for both residential and enterprise users.

Security Model

  • Users and groups; a group is a list of users
  • Users and groups may have special privileges
    • Special privileges include
      • Add device
      • Add application
      • Add task
      • Add user and group
      • Super user (manages everything)
    • A user inherits the privileges of all groups the user is in
  • Users and groups may have access permissions to system objects
    • Access permissions are
      • Read
      • Write
      • Config
      • Delete
    • System Objects are
      • Devices
      • Logical Devices
      • Applications
      • Tasks
      • Users (including groups)
    • A user inherits the access permissions to system objects of all groups the user is in

Simplified Security Model for Residential User

  • A residential setup can have 2 groups:
    • Administrators
    • Users
  • A residential setup may have several guest users
    • Guest users are not in the regular Users group
    • Guest users have a special access control list

Device (Smartphone) Access

Each smartphone of a user has to be provisioned individually. If a device gets lost, simply removing the device from the system will disable any access from that device.

User & Group List

Main screen lists all users and groups.

Icons marked red indicate users and groups with super user privileges.

User List

Add New User

Click the “Add” button in the upper right or lower right corner.

Then choose “Add New User”.

Each user must have a unique name.

User Add

Special Privileges

Clicking “Privileges” at the top opens a dialog to modify user privileges.

User Privileges

Super User and Special Permissions

A user may be assigned a special “System Admin” flag. A user with that special flag can add, remove and configure any system object.

A user may be assigned a specific permission to add devices, apps, tasks, scenes or users.

Account Enabled Flag

If this flag is unchecked, the user will not be able to log in to the system.

Note that if a group is disabled, all members (including indirect members through nested sub-groups) will be denied login.

If a user belongs to two groups and one group is disabled, the user will be disabled, even though the other group is not disabled. The “Account Enabled” flag is more stringent than other flags.

Managing User Groups

Clicking the “Groups” button at either the top or the bottom opens a screen to customize the groups the user belongs to.

User groups can be edited by adding or deleting.

User Group

Add New Group

A new group can be added in a similar way to “Add New User”.

The only difference is that you need to edit the group members as well.

Group Add

Managing Group Members

The user can add members to or remove members from a group.

Mobile Device

After a new user is added, the access token for the first mobile device (smartphone) of that user is automatically created.

Copy the access token and send it to your new user. The new user can use that access token to set up the connection in his Smartphone App.

Extra mobile device access can be created for users. Mobile devices can also be removed.

The admin can give each mobile device a meaningful name such as phone, working iPad, etc.

User Mobile Access

Access Control

Access control defines the access flags a user (or user group) has on an object.

  • Read
    • For devices, get status
    • For other objects, know the existence
  • Control
    • For devices, control
    • For tasks, turn on/off
    • For users, send messages
  • Remove; user can remove this object from the system
  • Config; user can manage the object
    • For devices, change attributes
    • For tasks, edit the task arguments
    • For users, change user attributes; for groups, edit the group members

Managing Access Control

After opening the screen for any particular user or group, there is an Access Control (ACL) button at the bottom of the screen.

The user can view, add or edit the access control list.

The list shows clearly whether an access is inherited from a group. Inherited access is shown in gray because it cannot be removed unless the user is removed from the group.

User ACL View

User ACL Add

User ACL Edit
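
The following is an added example, not Libre Home's own code: a small Python model of the "Account Enabled" rule (one disabled group anywhere in the nested chain blocks login) and of inherited versus direct access flags. The Principal class, the function names, the sample users and the object name "porch-light" are hypothetical, and treating a flag granted both directly and by a group as not removable is an assumption.

```python
from dataclasses import dataclass, field


@dataclass
class Principal:
    """A user or a group (hypothetical model, not Libre Home's schema)."""
    name: str
    enabled: bool = True                            # "Account Enabled" flag
    member_of: list = field(default_factory=list)   # direct parent groups
    acl: dict = field(default_factory=dict)         # object -> set of flags


def ancestors(p, seen=None):
    """Every group p is in, directly or via nested groups (cycle-safe)."""
    seen = {} if seen is None else seen
    for g in p.member_of:
        if g.name not in seen:
            seen[g.name] = g
            ancestors(g, seen)
    return list(seen.values())


def can_login(user):
    """Deny overrides: one disabled group in the chain blocks login."""
    return user.enabled and all(g.enabled for g in ancestors(user))


def effective_acl(user):
    """Return {object: {flag: set of sources}}; a source is 'direct' or a
    group name. Flags with any group source are the inherited (gray) ones."""
    result = {}
    holders = [("direct", user)] + [(g.name, g) for g in ancestors(user)]
    for source, holder in holders:
        for obj, flags in holder.acl.items():
            for flag in flags:
                result.setdefault(obj, {}).setdefault(flag, set()).add(source)
    return result


def removable(user, obj, flag):
    """Assumption: a flag is removable only if no group also grants it."""
    return effective_acl(user).get(obj, {}).get(flag) == {"direct"}


# Constructed sample data; all names are illustrative.
users = Principal("Users", acl={"porch-light": {"read"}})
family = Principal("Family", member_of=[users], acl={"porch-light": {"control"}})
contractors = Principal("Contractors", enabled=False)
alice = Principal("alice", member_of=[family], acl={"porch-light": {"config"}})
bob = Principal("bob", member_of=[family, contractors])
```

With this data, bob is denied login because of the disabled Contractors group even though Family is enabled, and alice's read and control flags are inherited while her config flag is direct.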

Technical Details

For more technical details about security, please refer to “Developer Guides”.