Flow Security, If, then How can it be done?

Hi, did anything come of this?

As I become responsible for more (node-red) integration I find scenarios where I would like to lock down a TAB but permit another user (e.g. 1st line 24/7 support operator) to log in & view/debug the flows and perhaps even allow modification of permitted tab(s).

Mock scenario - support member could view and operate debug/injects on TAB1 but not TAB2 however via permissions, he can look at and inspect TAB2. If so permitted, could be permitted to modify TAB1...

Another scenario I face - I write the complex logic and processing on 1 TAB (this must be locked down to protect the process) but there is no reason a support member cannot be permitted to add items to a setup (change node) e.g. fill in a list IP addresses to poll on separate TAB. Yes this could be completed on a separate instance and transmitted via HTTP/MQTT etc however the added complexity and components somewhat muddy the waters.

Is there anything in the works or under consideration?

I do realise this will be quite involved and require much more thought, discussion and consideration than my 20 minutes preparing this response this but I am interested to know if this is something under consideration or currently in development?

Cheers, Steve.


inner voice / thoughts...
I realise much of this could be achieved by a dashboard or MQTT/HTTP to external application however, node-red itself is a very good tool in terms of visual comprehension and being able to see where a problem stems from (chasing the debug messages) can give a greater insight to the issue at hand

1 Like