Access configuration

When Tvheadend verifies access it scans through all the enabled access control entries. The permission flags are combined for all matching access entries. An access entry is said to match if the username / password matches and the IP source address of the requesting peer is within the prefix.

The access rules are listed / edited in a grid.

  • To edit a cell, double click on it. After a cell is changed it will flags one of its corner to red to indicated that it has been changed. To commit these changes back to Tvheadend press the [Save changes] button. In order to change a Checkbox cell you only have to click once in it.
  • To add a new entry, press the [Add entry] button. The new (empty) entry will be created on the server but will not be in its enabled state. You can now change all the cells to the desired values, check the 'Enabled' box and then press [Save changes] to activate the new entry.
  • To delete one or more entries, select the lines (by clicking once on them), and press the [Delete selected] button. A popup will ask you to confirm your request.

The columns have the following functions:

  • Enabled
    Make the entry participate in access control. If disabled, the entry is inactive.
  • Username
    Name of user, if no username is needed for match it should contain a single asterix (*).
  • Password
    Password to combine with user, if username is '*' (unused), the password should be the same.
  • Prefix
    IPv4 prefix for matching based on source IP address. If set to it will match everything. Also accepts a comma separated list of addresses.
  • Streaming
    Enables access to streaming function. The 'streaming' access is enough to make Showtime (over HTSP) work.
  • All Configs (VR)
    Enables access to all video recording functions. This also include administration of the auto recordings.
  • Web interface
    Required for web user interface access. Also gives access to the EPG.
  • Admin
    Enables access to the Configuration tab.
  • Comment
    Allows the administrator to set a comment only visible in this editor. It does not serve any active purpose.

An example

The Admin account has access to everything but is accessible from the local network only.
The Guest account has access to the streaming functions and the web interface and is accessible locally as well as externally.
The Local account has access to everything except the administration functions and is only accessible locally.

It is possible to have an anonymous user (*) but this can sometimes cause problems with authentication. For example, say you have two accounts: a guest account and an anonymous user account, the anonymous user account will take precedence regardless of the username and password used because it matches anything.

Tvheadend will not ask you to enter a username and password when an anonymous account is enabled. You can however specify the username and password when accessing the web interface, e.g. http://user:[email protected] provided your browser supports it.

Updated over 6 years ago by Mark Clarkstone.

Updated by Mark Clarkstone over 6 years ago · 2 revisions