Similar to this thread
I can’t believe I even have to ask this. User logs in with their own account, they should be locked to their specified user.
I hate that users can switch to other users accounts and I hate that I have to have a pin on my user that isn’t really much security to begin with as anyone can see my pin as I am accessing it on the TV.
Share them regularly instead of putting them in your Plex Home and they won’t see the option to select another user.
And then they dont reap plex pass benefits.
IMO
One addition to that.
MANAGED home users should never have access to the admin user.
managed users ARE (part of) the admin user, so that isn’t really possible.
use a PIN on the admin profile
No they arn’t they have seperate user profiles to select.
The pin is partly what I am trying to get away from. It’s incredibly annoying to enter the pin with a remote and it’s so slow that anyone in the room is going to know the pin anyway. That isn’t security.
I do not disagree regarding entering the PIN (it should be like xbox and use a hidden up/down/left/right type thingie.
That said, you can always create a separate profile for yourself that isn’t pin protected (that isn’t the admin).
In any case, all managed users are just like netflix profiles.
The device still have to be log in with the admin email/pass.
The difference is if I log into someones device via a web browser they can then guess the admin user’s pin fairly easily and then have full access to the server. That isn’t acceptable.
Should be a configuration that when the admin (me) sets up a device for a managed user that the admin user can be locked out and even force that device into a single user account.
The idea of managed users and Plex Home is so you can easily switch between users sharing a device within a “Home”. If that user is independent and has no need to switch users, then they din’t really fit the intention of Plex Home. Adding them just so they can share your Plex Pass is not the intended usage.
Yeah, that’s something that’s been mentioned before.
And what I am doing here is sharing my Plex with users in the home but having users being able to use other users profiles defeats the purpose of setting up separate profiles to begin with.
And having users being able to fairly easy take control over the admin user is just absurd.
admin security should/could definitely be beefed up, this is not disputed.
not sure I quite understand what you mean here though
if you log into someone’s device using your plex account, they already have full access to your server.
pins are not secure, and pretty sure they are not intended to ‘keep out the bad guys’.
if you do not trust someone, then you should not be logging in with your account, and you probably shouldn’t be inviting to your ‘home’.
let them play the $5 to unlock their own app.
if they are family, well you can just knock them over the head.
That’s exactly my point. The whole idea behind a “managed” user is they are managed. And logging in shouldn’t automatically give full access. Maybe it needs a different login for managed users vs admin.
So the admin is setting up the device and the admin should have full control over what that device has access to. aka when setting it up, only allow it access to a single or certain user profiles and NOT the admin profile. The admin wouldn’t give their credentials to the user, the admin would setup the device for them.
Bonus would be to have device access control from the server interface.
For managed users to so easily be able to override the security of the admin account completely negates the entire purpose of having managed users to begin. For instance parental controls.
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.
