Libre Home strive to achieve maximum level of security and privacy protection.
We design a custom security model that is optimal for both residential and enterprise users.
The screen lists all users and groups defined in the system.
Icons marked red are with super user (administrator) privileges.
Group is a list of users.
A user or group may have special privileges.
- System Admin - Super user. A super user has maximum privileges.
- Add Device - The user/group can add new devices to system.
- Add App - The user/group can add new App to system.
- Add App Task - The user/group can add new App Task to system.
- Add Scene - The user/group can add new Scene to system.
- Add User - The user/group can add new user to system.
- Account Enabled - The account is enabled.
User/Group may have a list of access to other objects, such as devices, apps, tasks, and users.
- For devices, get status
- For other objects, know the existence
- For devices, control
- For tasks, turn on/off
- For users, send messages
- Remove; user can remove this object from system
- Config; user can manage the object
- For devices, change attributes
- For tasks, edit the task arguments
- For users, change user attributes; for groups, edit the group members
Access control may be defined on types of system objects below:
- Logical Devices
A user inherits privileges and permissions of all groups the user belongs to.
Note: Use of groups to assign permissions and access controls is recommended.
In stead of assigning “System Admin” privilege to individual users, it’s recommended to define an “Administrators” group, assigning “System Admin” privilege to the group.
Every user in that “Administrators” group will inherit the “System Admin” privilege.
Assuming we have a light named “Front Yard” in the system, if we assign “Read/Write” access of the light to the “Users” group, then every member of “Users” will be able to “Read/Write” the light, meaning getting status and control.
- Residential setup can have 3 groups:
Only one master password is required for Hub recovery. Master password never leaves your home.
Hub admin manages mobile device accesses for each user. Each device has its own encryption keys. Mobile access can be easily added/removed.
A user may be member of more than one groups. The privileges and accesses defined in different groups may be different. The inheritance rules still apply, by combining all privileges and accesses.
If this flag is unchecked, user will not be able to login to the system.
**Note if a group is disabled, all members (including indirect members through nested sub-groups) will be denied login.
If a user belongs to two groups, and one group is disabled, the user will be disabled, even though another group is not disabled. “Account Enabled” flag is more stringent than other flags.**
A privilege may be displayed grayed out. It is because the user/group inherits that privilege from parent groups.
An access may be displayed grayed out. It is because the user/group inherits that access from parent groups.