User Authentication and Administration

I am new to node red. It's an amazing way to program. However, I am not able to figure out how auth and access/account management can be done with node-red. I have read a bunch of blogs, but they all seem to talk about updating settings.js, which is for admin level security with a single username/pwd.

What I would like to know is providing access to a large number of users/customers with various levels of access, so allowing secure username/password access to a dashboard that shows relevant customer data based on login information, allow device management etc.

Would greatly appreciate guidance.
Thanks

Hi and welcome to the forum.
This question has been asked maaaannnnnyyyy times.

You should search this forum.
Put simply, it's not possible with the current dashboard for reasons I won't go into here.

As Steve says, Dashboard simply isn't (yet) designed for this.

With uibuilder you lose the pre-built structures that Dashboard provides but I have included the ability to include middleware on the server side. Such middleware would allow you to use something like Passport to create the security that you need.

Bit of a learning curve required though I'm afraid.
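
Added example, not part of the original posts and not uibuilder's or Passport's own code: a dependency-free sketch of the kind of server-side middleware described above, giving each user their own credentials, a role, and a customer scope. It assumes a Connect/Express-style `(req, res, next)` signature, HTTP Basic credentials carried over TLS, and uses scrypt hashing in place of Passport; the accounts, routes and role names are constructed for illustration.

```javascript
const crypto = require('crypto');

// Constructed sample accounts; a real deployment loads salted hashes from a user store.
const hashPassword = (password, salt) => crypto.scryptSync(password, salt, 32);
function makeUser(password, role, customerId) {
  const salt = crypto.randomBytes(16);
  return { salt, hash: hashPassword(password, salt), role, customerId };
}
const USERS = new Map([
  ['alice', makeUser('constructed-pass-1', 'admin', 'acme')],
  ['bob', makeUser('constructed-pass-2', 'viewer', 'globex')],
]);
// Hypothetical routes. Anything not listed here is denied.
const RULES = [
  { prefix: '/devices', roles: ['admin'] },
  { prefix: '/dashboard', roles: ['admin', 'viewer'] },
];

function authenticate(header) {
  const m = /^Basic ([A-Za-z0-9+/=]+)$/i.exec(header || '');
  if (!m) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const sep = decoded.indexOf(':');
  if (sep < 0) return null;
  const name = decoded.slice(0, sep);
  const user = USERS.get(name);
  // Hash even for unknown names so response time does not reveal which users exist.
  const candidate = hashPassword(decoded.slice(sep + 1), user ? user.salt : Buffer.alloc(16));
  const expected = user ? user.hash : Buffer.alloc(32);
  const ok = crypto.timingSafeEqual(candidate, expected) && Boolean(user);
  return ok ? { name, role: user.role, customerId: user.customerId } : null;
}

function authMiddleware(req, res, next) {
  const user = authenticate(req.headers.authorization);
  if (!user) {
    res.statusCode = 401;
    res.setHeader('WWW-Authenticate', 'Basic realm="dashboard"');
    return res.end('Authentication required');
  }
  // Normalise before matching: routers are often case-insensitive and resolve dot segments.
  const path = new URL(req.url, 'http://localhost').pathname.toLowerCase();
  const rule = RULES.find((r) => path === r.prefix || path.startsWith(r.prefix + '/'));
  if (!rule || !rule.roles.includes(user.role)) {
    res.statusCode = 403;
    return res.end('Forbidden');
  }
  req.user = user; // downstream handlers must filter data by req.user.customerId
  next();
}
```

The role check only decides which routes a user may reach; showing each customer only their own data still depends on every handler scoping its queries to `req.user.customerId`.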

Thanks so much. BTW a quick question, given what you stated above, does it even make sense to use node-red (dashboard in particular) for a commercial IoT soln? I like a programming model and available nodes to put things together, but if it can't be used for commercial purposes it may not make sense to explore further ... I just thought it was being extensively used.

Thanks again

Well plenty of people seem to be doing so. I guess it depends on the specific use-case.

The downsides of Dashboard are well documented. Mainly that it is a very large app that has to be loaded and that the very same structures that make it so easy to get going with Dashboard can, sometimes, end up being too restrictive.

That was the reason I designed and built uibuilder.

It would be great to have something in the middle of course and some people have started work on such tools. I've also some ideas that, if they work out, will let you have widgets (probably VueJS based) that work with uibuilder giving you something easier to work with while maintaining the kind of flexibility that you might need for building secure UIs for specific commercial use.

Of course, you also need to think about security and risk when selling commercial systems. Thankfully, Node-RED is now pretty battle tested and some organisations have done security testing on it - though nothing publicly available unfortunately.

You've hit a specific issue which is unfortunate. There are a couple of choices right now:

  • Contribute a change to Dashboard to enable multi-user authentication and authorisation.
  • Use uibuilder or similar - possibly contributing (or not) some widgets

Did you investigate cloud platforms like IBM Cloud and FRED?