tvheadend/docs/html/config_access.html

<div class="hts-doc-text">

Setting up access control is an important initial step as the system initially is
wide open.

<img src="docresources/accessconfig.png">

<p>
When Tvheadend verifies access is scan through all the enabled access control entries.
The permission flags are combined for all matching access entries.
An access entry is said to match if the username / password matches and the IP source
address of the requesting peer is within the prefix.
<p>

The access rules are listed / edited  in a grid. 

<ul>
 <li>To edit a cell, double click on it. After a cell is changed it
     will flags one of its corner to red to indicated that it has been
     changed. To commit these changes back to Tvheadend press the 
     'Save changes' button. In order to change a Checkbox cell you only
     have to click once in it.

 <li>To add a new entry, press the 'Add entry' button. The new (empty) entry
     will be created on the server but will not be in its enabled state.
     You can now change all the cells to the desired values, check the
     'enable' box and then press 'Save changes' to activate the new entry.

 <li>To delete one or more entries, select the lines (by clicking once on 
     them), and press the 'Delete selected' button. A popup
     will ask you to confirm your request.
</ul>

<p>
The columns have the following functions:

<dl>
 <dt>Enabled
 <dd>Make the entry participate in access control. If disabled, the entry
     is inactive.

  <dt>Username
  <dd>
  Name of user, if no username is needed for match it should contain a
  single asterisk (*).

  <dt>Password
  <dd>
  Password to combine with user, if username is '*' (unused), the password
  should be the same.

  <dt>Prefix
  <dd>
  IPv4 prefix for matching based on source IP address.
  If set to 0.0.0.0/0 it will match everything.

  <dt>Streaming
  <dd>
  Enables access to streaming function. The 'streaming' access is enough to
  make Showtime (over HTSP) work.

  <dt>Video Recorder
  <dd>
  Enables access to all video recording functions. This also include administration of the auto recordings.

  <dt>All Configs (VR)
  <dd>
  Allow use of and configuration of DVR configuration profiles.

  <dt>Web interface
  <dd>
  Required for web user interface access. Also gives access to the EPG.

  <dt>Admin
  <dd>
  Enables access to the Configuration tab.
  
  <dt>Channel Tag Only
  <dd>
  If enabled, the user will only be able to access channels with a tag the
  same name as the username.

  This provides a very rudimentary way of limiting access to certain channels.

  <dt>Comment
  <dd>
  Allows the administrator to set a comment only visible in this editor.
  It does not serve any active purpose.
 </dl>

<p>
Let's also take a look at an example:
<p>
<img src="docresources/accessconfigexample.png">
<p>
First line gives clients originating from 192.168.0.0 - 192.168.0.255 network
access to streaming functions. Typically you would use this for your
local media players at home (All though Showtime can prompt for username & password
in its HTSP client)
<p>
The second line adds a user with world wide access who might want to modify
recordings, etc, perhaps from the job, or mobile phone.
<p>
The third line provide admin access to the 'admin' user. As an extra precaution this
user is only allowed to log in from the home network.
<p>

</div>
Add documentation framework. 2008-10-09 20:43:08 +00:00			`<div class="hts-doc-text">`

Spelling corrections 2009-11-26 21:52:26 +00:00			`Setting up access control is an important initial step as the system initially is`
Add documentation framework. 2008-10-09 20:43:08 +00:00			`wide open.`

			`<img src="docresources/accessconfig.png">`

			`<p>`
documentation updates - fix typos/misspellings in documentation - fix broken link on how to build Tvheadend - standardize on most commonly used capitalization of "Tvheadend" - update copyright year to 2013 - break up the handful of run-on lines 2013-02-21 20:49:29 -07:00			`When Tvheadend verifies access is scan through all the enabled access control entries.`
Spelling corrections 2009-11-26 21:52:26 +00:00			`The permission flags are combined for all matching access entries.`
Add documentation framework. 2008-10-09 20:43:08 +00:00			`An access entry is said to match if the username / password matches and the IP source`
			`address of the requesting peer is within the prefix.`
			`<p>`

			`The access rules are listed / edited in a grid.`

			`<ul>`
			`<li>To edit a cell, double click on it. After a cell is changed it`
			`will flags one of its corner to red to indicated that it has been`
			`changed. To commit these changes back to Tvheadend press the`
			`'Save changes' button. In order to change a Checkbox cell you only`
			`have to click once in it.`

			`<li>To add a new entry, press the 'Add entry' button. The new (empty) entry`
			`will be created on the server but will not be in its enabled state.`
			`You can now change all the cells to the desired values, check the`
			`'enable' box and then press 'Save changes' to activate the new entry.`

			`<li>To delete one or more entries, select the lines (by clicking once on`
			`them), and press the 'Delete selected' button. A popup`
			`will ask you to confirm your request.`
			`</ul>`

			`<p>`
			`The columns have the following functions:`

			`<dl>`
			`<dt>Enabled`
			`<dd>Make the entry participate in access control. If disabled, the entry`
			`is inactive.`

			`<dt>Username`
			`<dd>`
			`Name of user, if no username is needed for match it should contain a`
documentation updates - fix typos/misspellings in documentation - fix broken link on how to build Tvheadend - standardize on most commonly used capitalization of "Tvheadend" - update copyright year to 2013 - break up the handful of run-on lines 2013-02-21 20:49:29 -07:00			`single asterisk (*).`
Add documentation framework. 2008-10-09 20:43:08 +00:00
			`<dt>Password`
			`<dd>`
			`Password to combine with user, if username is '*' (unused), the password`
			`should be the same.`

			`<dt>Prefix`
			`<dd>`
			`IPv4 prefix for matching based on source IP address.`
			`If set to 0.0.0.0/0 it will match everything.`

			`<dt>Streaming`
			`<dd>`
			`Enables access to streaming function. The 'streaming' access is enough to`
			`make Showtime (over HTSP) work.`

			`<dt>Video Recorder`
			`<dd>`
Update documentation, also shift a few UI config values around and make some stuff a bit clearer. Fixes #1280. Relates #1150. 2012-10-03 00:19:50 +01:00			`Enables access to all video recording functions. This also include administration of the auto recordings.`

			`<dt>All Configs (VR)`
			`<dd>`
			`Allow use of and configuration of DVR configuration profiles.`
Add documentation framework. 2008-10-09 20:43:08 +00:00
			`<dt>Web interface`
			`<dd>`
			`Required for web user interface access. Also gives access to the EPG.`

			`<dt>Admin`
			`<dd>`
			`Enables access to the Configuration tab.`
htsp dvr access: some updates to PR #333, plugs a few holes in access checks 2014-03-13 20:40:08 +00:00
			`<dt>Channel Tag Only`
			`<dd>`
			`If enabled, the user will only be able to access channels with a tag the`
			`same name as the username.`

			`This provides a very rudimentary way of limiting access to certain channels.`
Add documentation framework. 2008-10-09 20:43:08 +00:00
			`<dt>Comment`
			`<dd>`
			`Allows the administrator to set a comment only visible in this editor.`
			`It does not serve any active purpose.`
			`</dl>`

			`<p>`
			`Let's also take a look at an example:`
			`<p>`
			`<img src="docresources/accessconfigexample.png">`
			`<p>`
Spelling corrections 2009-11-26 21:52:26 +00:00			`First line gives clients originating from 192.168.0.0 - 192.168.0.255 network`
Add documentation framework. 2008-10-09 20:43:08 +00:00			`access to streaming functions. Typically you would use this for your`
Spelling corrections 2009-11-26 21:52:26 +00:00			`local media players at home (All though Showtime can prompt for username & password`
Add documentation framework. 2008-10-09 20:43:08 +00:00			`in its HTSP client)`
			`<p>`
			`The second line adds a user with world wide access who might want to modify`
			`recordings, etc, perhaps from the job, or mobile phone.`
			`<p>`
			`The third line provide admin access to the 'admin' user. As an extra precaution this`
			`user is only allowed to log in from the home network.`
			`<p>`

			`</div>`