User Management

From Domoticz
Revision as of 09:35, 10 January 2024 by Walter vl (talk | contribs) (→‎Set Devices)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Introduction

With menu Setup - Users you can have separate users logging in into your Domoticz environment with different access rights.Create one or more Users to allow different people to control Domoticz. Assign the proper rights to each User.

Domoticz comes with 3 different rights (often called 'roles'). These are:

  • admin; with admin rights you can control every aspect of Domoticz including all settings, configurations and user/rights management.
  • user; this is the role for most Users as it gives them control to access all devices and if possible control them, like turning a light on or off.
  • viewer; this is the most restrictive role as it only allows to 'view' devices but not control them. So such a user can 'read' the temperature target for a thermostat, but can not change the thermostat target temperature.

In general, you do not need multiple admins. Maybe a second User with admin privileges can be used as a backup admin User in case you forgot the credentials of the first admin. Your Users should either get 'user' or 'viewer' privileges.

Note: The Switch/Light protection password is managed by setting Light/Switch Protection in menu Setup - Settings Tab Security.

From Stable 2023.1: By default Domoticz is protected by a username (admin) and password (domoticz).

Please either change the password as soon as possible (menu Setup -> My Profile) or create a different admin user and remove the default (admin) user.

More information on securing your Domoticz setup can be found in the page Security

Manage Users

Go to menu Setup - Users

Enter the details and click on Add

Username: Enter username

Password: Enter password

User rights:

  • Admin: All rights, switching, edit device, timers etc
  • User: Only switching switches and show device logging. Not allowed to edit the device. No Setup menu.
  • Viewer: Only view state and logging. No allowed to perform switching. No Setup menu.

Sharing: Enable device sharing for remote Domoticz slave sites

Active Menus: Enable/disable the specified menu tabs for this particular user.


TIP: For the main User, create 2 accounts. One called for example 'mike' (if he is called Mike) with 'user' privileges. And a second one called 'mikeadmin' with 'admin' privileges. This way, 'mike' can login to Domoticz as a normal user, and leave his phone unprotected at the table without the risk that someone else abuses his 'admin' rights. When 'mike' needs to perform actions that require 'admin' privileges, he can login using his 'mikeadmin' account. And logout once he is done and go back using his normal 'mike' User account.

TIP2: Create a new admin User (for example 'mikeadmin') and disable the default User called 'admin'.

Login

With default security settings you need to login everytime you want to see the Domoticz interface.

If the IP address of the client is entered in setting Trusted Network (Menu Setup - Settings, tab Security) you do not need to login.

If in this case multiple users are defined in Domoticz then the (first) admin will be used to automatically login.

NOTE: You are not able to switch user when the client is within the Trusted Network setting.


MyProfile

After login a user can change his profile through menu Setup -> My Profile you can change your profile.

Actions are change password and enable 2-factor authorization

See wiki page MyProfile for more info

Set Devices

After creating the user you have to set the devices the user has access to. Click on the Set Devices button in the account name line.

A list with all available devices is shown in the left column. Clicking on it will move it to the right column to be available for this user.

Click on Save to save the configuration.

Note: It is advised not to set selected devices for an admin user as the rest of the devices will become invisible.

Note: Use this function also when you want to do device sharing with another Domoticz server. Use a specific user to share the devices. Do not use an admin for this.


Pro-tip: You can see the Active User on the 'About' screen:


Domoticz about screen


Resetting the Website Username/Password

To reset the website username/password in case this is lost there are two options.

  1. Specify –nowwwpwd as command line argument (link to detailed instructions)
  2. Place a file labeled ‘resetpwd’ inside the root Domoticz installation folder. Each minute the existence of this file is checked, and if found the Username/Password is reset and the file is removed.


Retrieved from "https://wiki.domoticz.com/index.php?title=User_Management&oldid=18408"