Note - my comments are based on the assumption that you intent to monetize a security solution aimed for enterprise purposes.
There are 2 things -
- node-red - the editor
- dashboard
Node-RED by its very nature just runs and executes - only specific people (one that develops flows) require access to the editor. I don't see how this could be done in a multi-user setup, other than having user accountability with an audit trail and perhaps read-only capabilities.
That solution is already available: adminAuth settings can be customized for use with other authentication methods. If they can play easily along with today's security requirements I am not sure.
Many enterprises are moving to dynamic credential solutions like Hashicorp Vault.
The dashboard is in my opinion a different aspect/beast that should require separate security requirements and could/should have things like RBAC, but then in turn also LDAP, Radius etc integration.
But then again - if one is thinking about these complex strategies - a custom dashboard would also show up in the picture - with data as API served over http-in with custom authentication via httpNodeAuth
Note that a new version of the dashboard is in development, I don't know if security is in the scope or if it is a technology migration only.
I don't see why an enterprise would choose a custom security solution over flowforge.
Just my 2 cents.
