Jump to content

Add 'web browser' to device access list


darkassassin07

Recommended Posts

darkassassin07

The ability to limit users to certain devices comes in handy, however currently you can not prevent access via the web browser.

 

This means you can not truly limit a user to access from specific devices. You can prevent access to/from emby apps (like android, or theater) but they can always log in from wherever they like via the web app.

 

I would like to be able to limit a user to one or two emby apps preventing them from sharing their account as they cannot log in elsewhere.

 

This control would limit access to the web app all together, not specific sessions/browsers.

 

 

 

 

 

As a side request, currently when a user attempts to login via an app they do not have access too they just get the message 'invalid username or password'

This would be alot more clear with 'You do not have access to this device, please contact your administrator'

Even removing their card from the users list at login so they would have to attempt manual login for that message.

Edited by darkassassin07
  • Like 1
Link to comment
Share on other sites

Web browsers can't be permanently uniquely identified, so that is why they don't appear in the devices list.

Link to comment
Share on other sites

pünktchen

Web browsers can't be permanently uniquely identified, so that is why they don't appear in the devices list.

Please read again. The OP wants to permit forbid ALL browsers and only allow specialized apps.

Edited by pünktchen
Link to comment
Share on other sites

pünktchen

That's what we already support.

 

Sorry, my mistake. Of course i mean forbid and not permit :blink:  I've corrected my post. 

Link to comment
Share on other sites

darkassassin07

How would I go about forbidding the use of web browsers? Currently when limiting device access, it specifically says this will not prevent browser access.

 

And as far as I can find there is no other option to prevent it...

 

I want to block the browser app altogether, not specific sessions.

Link to comment
Share on other sites

darkassassin07

That's what this whole thread is about, adding said feature.

 

Simply a generic 'web browsers' under the device access list for each user.

 

 

*and possibly making the message to users that attempt login from a blocked device a little more clear than 'wrong username/pass'

Edited by darkassassin07
  • Like 1
Link to comment
Share on other sites

*and possibly making the message to users that attempt login from a blocked device a little more clear than 'wrong username/pass'

 

This may be a case where a little more info would be good but, as a general rule, you don't want to provide a whole lot of information about why a security block is failing to the potential attacker.

Link to comment
Share on other sites

Oxide

I'm having a similar issue, I've allow a user access from only one device

59945ec25a73c_1.jpg

 

But they can still access Emby via a web browser  :blink:

59945eff3c243_2.jpg

 

@@Luke surely if we only allow from certain devices all other access from any other source should be denied?

Edited by Oxide
Link to comment
Share on other sites

It is explained right there on the access setup page, so you know what you're getting before you choose to the setting.

Link to comment
Share on other sites

dcook

I agree if you allow only one specific device, then no other devices including browsers should be allowed for the user.

It does not make sense to allow all browsers when you only have 1 device selected as allowed.

Link to comment
Share on other sites

Jdiesel

What about those who use a Chromecast or use the Emby web UI as a remote? IMO you should limit the number of active streams rather then the active devices.

 

Also the issue with blocking web browsers all together is that there are settings (subtitles, home screen, account management) that can only be accessed from the web browser. If something like this was to be implemented it would have to only prevent playback from a browser and not outright deny access completely. 

Edited by Jdiesel
Link to comment
Share on other sites

  • 6 months later...
blakeusblade

As outlined below...

https://emby.media/community/index.php?/topic/56177-emby-webui-permission-control/

 

I made this feature request because I want to limit my direct family members access to the EMBY app allowing media playback etc (saving device licenses).

 

I want to allow access to overseas family members to the WebUI. Only allowing library browsing and file downloading (No playing, no transcoding, or syncing). This would allow me to send URL links to family created videos to shared with overseas family members without consuming device licenses.

 

At present you have to enable at least 1 device to allow access to the WebUI (unfortunately its a 1device:1user license ratio).

 

If we had a single device representing the WebUI generically, this would serve as a solution to grant permission to only library browse and direct file downloading (Not syncing).

 

In saying this, I've just thought of a solution/workaround....

A device I never use, install the EMBY app on. Create users and grant permission to only browse and file download. Assigning them to my single device. This grants my list of users/family members to download files only while consuming only 1 device license.

 

Not the greatest workaround, but it works for me...

Link to comment
Share on other sites

  • 3 weeks later...
blakeusblade

This workaround works...

 

Simply install EMBY on a device... connect it to your server... NOTE the device appearing in the dashboard... Rename/relabel device to WebUI...  Uninstall EMBY app from device...

Assign users you want WebUI access only to the device just added... Remove users from all devices except the device just added...

 

BOOM! Done...

 

While this does use up a device license, it does get around the issue...

 

Its worth noting... That users only need to be granted access to only 1 device to access the WebUI/Webpage... By giving them access ONLY an EMBY device thats been uninstalled and nothing else, your only granting them access to the WebUI/Webpage and nothing else...

Link to comment
Share on other sites

Why remove device?  Couldn't this be a device you yourself use?  The users you assign to it won't have access to it and won't be able to use it will they?

Link to comment
Share on other sites

  • 5 months later...
darkassassin07

Has there been anymore consideration into compressing the dozens of unnecessary web app devices into one 'web app' device?

I currently have 17 'chrome'/'chrome android' devices listed in settings>devices as well as [user]>access>device access. The vast majority haven't been used in over a month (and had only been used once) but continue to clog up these lists.

Is there a good reason for splitting every single browser login into a new device? Or for keeping those devices listed for months?


Would it not make more sense to have those devices simply listed as a single 'web app'.

The only reason I can think of to want to see each web app as a separate device is to prevent access to a specific one but @@Luke has already stated they cant be permanently identified so that wouldn't be effective anyway. If you sign out of a web app and back in on the exact same browser + device it is a whole new device in emby.


In the users device access list you cant tell which browser device is which and enabling all of them still doesn't actually allow the user to use the web app (one you already use or new browsers) making them all a pointless waste of space. It would be far more useful to be able to allow/deny access to the web app in general regardless of what browser that web app is in.

Currently if you are limiting access to apps like an xbox for example you have no option to allow access to the web app at all. At least not that I can find... I have a couple users where I would like to limit their device access but I cant without denying the web app altogether which they use.

 

5b7a6c7c16982_Screenshot_20180819234438.

Edited by darkassassin07
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...