Link

Users and Security

Libre Home strive to achieve maximum level of security and privacy protection.

We design a custom security model that is optimal for both residential and enterprise users.

Security Model

  • User and group, group is a list of users
  • Permissions
    • User and group may have special privileges
    • User and group may have access permissions to system objects
      • DeviceDevices
      • DeviceLogical Devices
      • AppApps
      • TaskTasks
      • UserUsers
    • A user inherits privileges and permissions of all groups the user belongs to.

Simplified Security Model for Residential User

  • Residential setup can have 3 groups:
    • Administrators
    • Users
    • Guests

No Password for Users

Access is granted on per device bases, which can be easily added or removed by the admin.

User and Group List

Icons marked red are with super user (administrator) privileges.

User/Group Privileges

A user or group may have special privileges.

  • System Admin - Super user. A super user has maximum privileges.
  • Add Device - The user/group can add new devices to system.
  • Add App - The user/group can add new App to system.
  • Add App Task - The user/group can add new App Task to system.
  • Add Scene - The user/group can add new Scene to system.
  • Add User - The user/group can add new user to system.
  • Account Enabled - The account is enabled.

Account Enabled

If this flag is unchecked, user will not be able to login to the system.

**Note if a group is disabled, all members (including indirect members through nested sub-groups) will be denied login.

If a user belongs to two groups, and one group is disabled, the user will be disabled, even though another group is not disabled. “Account Enabled” flag is more stringent than other flags.**

It is recommended to assign special privileges to a group. It is more efficient because all users/groups within the group will inherit the privileges.

Grayed Out Privileges

A privilege may be displayed grayed out. It is because the user/group inherits that privilege from parent groups.

Priviledges

Access Control

User/Group may have a list of access to other objects, such as devices, apps, tasks, and users.

  • Read Read
    • For devices, get status
    • For other objects, know the existence
  • Control Control
    • For devices, control
    • For tasks, turn on/off
    • For users, send messages
  • Remove Remove; user can remove this object from system
  • Config Config; user can manage the object
    • For devices, change attributes
    • For tasks, edit the task arguments
    • For users, change user attributes; for groups, edit the group members

It is recommended to assign accesses to a group. It is more efficient because all users/groups within the group will inherit the accesses.

Grayed Out Privileges

An access may be displayed grayed out. It is because the user/group inherits that access from parent groups.

Accesses


Table of contents