Survey on a New User Management Application for Node-RED

Note - my comments are based on the assumption that you intent to monetize a security solution aimed for enterprise purposes.

There are 2 things -

  • node-red - the editor
  • dashboard

Node-RED by its very nature just runs and executes - only specific people (one that develops flows) require access to the editor. I don't see how this could be done in a multi-user setup, other than having user accountability with an audit trail and perhaps read-only capabilities.

That solution is already available: adminAuth settings can be customized for use with other authentication methods. If they can play easily along with today's security requirements I am not sure.
Many enterprises are moving to dynamic credential solutions like Hashicorp Vault.

The dashboard is in my opinion a different aspect/beast that should require separate security requirements and could/should have things like RBAC, but then in turn also LDAP, Radius etc integration.

But then again - if one is thinking about these complex strategies - a custom dashboard would also show up in the picture - with data as API served over http-in with custom authentication via httpNodeAuth

Note that a new version of the dashboard is in development, I don't know if security is in the scope or if it is a technology migration only.

I don't see why an enterprise would choose a custom security solution over flowforge.
Just my 2 cents.

2 Likes