Authorisation Roles

[ankycooper]

Describe what you are trying to accomplish and why in non technical terms Different levels of access for different users

Describe the solution you'd like A clear and concise description of what you want to happen.

Roles:

• read-only
  • permissions:
    • live view
    • View events
    • View recordings
    • View Snapshot
  • boundary: can be scoped to 1 or more cameras/zone
  • Actors: kids/family/friends/guests/neighbors
• delegated-manager
  • permissions:
    • live view
    • View/delete events
    • View/delete recordings
    • View/delete Snapshot
  • boundary: can be scoped to 1 or more cameras/zone
  • Actors: partner/spouse
• Admin (full access)
  • permissions:
  • boundary:
  • Actors: admins

subject (user-id) / role/scope can be passed via token from IDP but has to be enforced by Frigate

Describe alternatives you've considered A clear and concise description of any alternative solutions or features you've considered. None

Additional context Add any other context or screenshots about the feature request here.

[rajil]

This is how ZoneMinder implements it.

[arigit]

With #1074 closed for comments, I wanted to still be able to share my use case, hoping that if one day auth (and user roles) are implemented in frigate, this will be considered as a hopefully common use case and will be covered.

I run Frigate, HomeAssistant, Zwave UI, Victoria Metrics etc in docker, all in the same home server. Each app minus Frigate allows me to use basic auth and some (HA) also define roles

The problem with frigate: huge security and usability gap, since Frigate UI is needed to access the video recordings, however the UI exposes everything allowing anyone to turn on/off video recording, change basic configuration etc. The UI is needed for regular users (my wife and kids) because video playback in the Frigate Card inside HA is hit and miss, likely due to Android not being able to play some of the clips - and also because the Frigate UI is in general much better to explore and find clips from the different cams.

The ask: please implement basic auth and at least the two essential roles; admin and regular-user. Allowing only admins to change any configuration, to start or stop detection or recordings, and not exposing those functions to regular-users.

The better that Frigate gets (and it's awesome at this point, thank you devs), the more we need basic auth and user roles.

[ns-mglaske]

Another thumbs up for this feature. (fwiw, Authorization is spelled wrong). I created the above request, which maybe is a simpler entry lift for adding some kind of RBAC without having to build user web interface forms, and using an external proxy for authentication, that provides roles via Headers to Frigate (eg. Authentik). Then later, expand upon the roles provided for more access control.

[nzkiwi68]

Another vote up for user roles.

At least admin and a view only role would be the minimum, bit I do like what has been laid out above. I have a use case for a large scale Frigate deployment to replace 4 x NVR's running ~120 cameras.

The minimum requirement would be at least 2 users admin and view only.

Recommendation: Make this a part of "Frigate +" and I'd be more than happy to pay.

Thanks for an amazing product... I now run Frigate at home having tossed out my useless Dahua NVR and now run 3 cameras including turning my backyard PTZ Amcrest camera into an AI smart tracking and follow camera (it's couldn't do that...) - all on a small N100 powered CPU with a Coral TPU. Amazing!