AdminAuth Default Group Read Only access

I'm wondering if you can give users (everyone who isn't logged in into admin) permissions to only read the file.
If I follow the Securing Node-RED file I don't get the right thing because the default user group can still make changes, but they can't manage the palette etc.

This is what I have in my settings.js:

adminAuth: {
        type: "credentials",
        users: [
            username: "loran",
            password: "$2b$08$BqucBnG7WuGzs.lhSmmnmeL7X80G4Igin8IvMzZ95qsJ/0aWwdUky",
            permissions: "*"
            default: {
        permissions: "read"

Have you tried deploying any changes as a default user?

read-only permission doesn't stop them from making changes in the editor... they just can't deploy those changes to the runtime.

Yes, i found that.
Is there an option that they can't make changes in the editor?

No, permissions are enforced on deploy

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.