Access Flows based on authentication

spady7 · 17 March 2023 14:19

Hi, I've tried different ways to restrict access to only some flows, based on users.
I tried enabling the "projects" and configured as follows:

   adminAuth: {
        type: "credentials",
        users: [{
            username: "admin",
            password: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
           permissions: ["read", "write", "projects:project1"]
        }]
    },

       projects: {
            /** To enable the Projects feature, set this value to true */
            enabled: true,
            workflow: {
                /** Set the default projects workflow mode.
                 *  - manual - you must manually commit changes
                 *  - auto - changes are automatically committed
                 * This can be overridden per-user from the 'Git config'
                 * section of 'User Settings' within the editor
                 */
                mode: "manual"
            },
			projects: {
			  "project1": {
				// Restrict access to this project to user1
				users: ["admin"],
				// Define the flows in this project
				flowFile: "flows_project1.json",
				// Additional project settings
				settings: {
				  // Enable or disable project-level logging
				  logging: false,
				  // Set the maximum number of active flows in this project
				  flow_limit: 10
				  // Other project-level settings
				}
			  }
			}
		},

But it's not working.
Anyone can help on it?
Regards

knolleary · 17 March 2023 14:24

Hi @spady7

I'm not sure where you got that configuration from, but Node-RED doesn't support the idea of restricting access to particular flows.

A user can either access the editor or they cannot. The permissions model does not extend to individual projects or flows within a project.

spady7 · 17 March 2023 14:27

Uhh ok, thank you for quick reply. Is there any plan to achieve it?
Best regards