[Support]: v0.17 - 'Viewer' role no longer has access to birdseye view #22148
-
Checklist
Describe the problem you are havingI updated to v0.17 this morning - thank you! I have a user with 'Viewer' permission for all cameras. Since updating to v0.17 this user can no longer see Birdseye view in the UI. If I change the user to an Administrator, the user can see Birdseye view again (and if I change the user to a Viewer, it disappears) Steps to reproduce
Version0.17.0-f0d69f7 In which browser(s) are you experiencing the issue with?Fire Tablet Silk browser, plus tested in Chrome Frigate config fileLooks like users are defined outside the config file. Can share config if needed?docker-compose file or Docker CLI commandservices:
frigate:
container_name: frigate
restart: unless-stopped
stop_grace_period: 30s # allow enough time to shut down the various services
image: ghcr.io/blakeblackshear/frigate:stable
shm_size: "512mb" # update for your cameras based on calculation above
volumes:
- /etc/localtime:/etc/localtime:ro
- /data/docker/frigate/config:/config
- /data/docker/frigate/data:/media/frigate
- type: tmpfs # Optional: 1GB of memory, reduces SSD/SD Card wear
target: /tmp/cache
tmpfs:
size: 700m
ports:
- "8971:8971"
- "8554:8554" # RTSP feeds
- "8555:8555/tcp" # WebRTC over tcp
- "8555:8555/udp" # WebRTC over udp
environment:
FRIGATE_RTSP_PASSWORD: [redacted]
PLUS_API_KEY: [redacted]Relevant Frigate log outputnone foundRelevant go2rtc log outputn/aOperating systemOther Linux Install methodDocker Compose Network connectionWired Camera make and modeln/a Screenshots of the Frigate UI's System metrics pagesn/a Any other information that may be helpfulNo response |
Beta Was this translation helpful? Give feedback.
Replies: 3 comments 8 replies
-
|
Based on the available documentation, this appears to be a change in how Birdseye access works with role-based permissions in v0.17(1)(2). In v0.17, the viewer role provides read-only access to cameras, but Birdseye is now treated differently from individual cameras in the permission system(2). The viewer role grants access to "Live, Review/History, Explore, and Export" for cameras(2), but Birdseye may require explicit configuration. To resolve this, you have two options: Option 1: Add Birdseye to a Camera Group Birdseye can be viewed by adding it to a Camera Group in the Web UI(1). You can create a Camera Group by pressing the "+" icon on the Live page and choosing "Birdseye" as one of the cameras(1). Option 2: Use Custom Roles In v0.17, custom roles allow you to specify which cameras a user can access(2). You can create a custom role that includes access to the cameras you want, and this should allow the user to see those cameras in Birdseye view(2). The configuration would look like: cameras:
front_door:
# ... camera config
side_yard:
# ... camera config
auth:
enabled: true
roles:
custom_viewer: # Custom role
- front_door
- side_yardThen assign your user to this custom role instead of the default "viewer" role(2). Note: The default viewer role in v0.17 is designed for read-only access to specific cameras(2), and Birdseye access may need to be explicitly configured through camera groups or custom roles that include all cameras the user should see. 📚 Sources: Have another question? Just tag @inkeep. |
Beta Was this translation helpful? Give feedback.
-
|
This is not a bug and is working as expected, the birdseye camera is done on the server side which means we can not guarantee that a user with access to limited number of cameras won't see a camera they don't have access to. So this means birdseye view can only be for admin users who are guaranteed to have access to all cameras. |
Beta Was this translation helpful? Give feedback.
-
|
This is improved in #22166 and should be available in Frigate 0.17.1. |
Beta Was this translation helpful? Give feedback.
Yes, as I said we did make the decision to be more restrictive for 0.17 because of the introduction of custom viewer roles. We can consider improving this in a future version of Frigate.