Node-Red security (LockDown)

Hello,

i am rather new to this platform. I was wondering if there is a way to LockDown Node-Red, meaning:

  • Certain users can do certain stuff, but others can not.
  • Each action/change can be logged (with if possible by which user)
  • A fixed palette, certain nodes within certain palettes need to be disabled (and stay disabled to all users) and no new nodes may be added... via the palette manager.

Is this all possible?

Thank you for the support!!

Best regards,
Sebastien

Hi @MisterDraegus

there are a few security options available, as described here: https://nodered.org/docs/user-guide/runtime/securing-node-red

Certain users can do certain stuff, but others can not.

The permissions system in node-red allows you to give some users read-only access and some users full write-access. We don't yet expose more granular permissions in an easier to use way. What level of access control were you hoping for?

Each action/change can be logged (with if possible by which user)

If you turn on the 'audit' logging in your settings file you'll get some of that.

A fixed palette, certain nodes within certain palettes need to be disabled (and stay disabled to all users) and no new nodes may be added... via the palette manager.

You can disable the palette manager entirely by adding the following to the editorTheme property in your settings file:

editorTheme: {
   palette: {
        editable: false
   }
}
1 Like