I want to create a second user for the Eisy, with limited rights/privilege . The uploaded screen shot appears to allow creating additional users, but when I try to login with new credentials if fails. So, is there another place I need to go to enable the user slot?

On 5/9/2026 at 7:42 PM, Michaelco said:

I want to create a second user for the Eisy, with limited rights/privilege . The uploaded screen shot appears to allow creating additional users, but when I try to login with new credentials if fails. So, is there another place I need to go to enable the user slot?

I'm not sure for what app you are trying to reduce rights.

But what I know is there is 2 sets of credentials, and you are probably confusing both.

The screen shot above allows to create IoX local users. We are going away from this in favor of ISY Portal credentials. So if you are logging in with an email address, that is an ISY Portal username.

To create additional portal user, go to my.isy.io, login, and click on the Users tab. Then you can add a user there.

On 5/11/2026 at 4:58 AM, bmercier said:

I'm not sure for what app you are trying to reduce rights.

I am developing a Raspberry Pi + ESP32 based control/monitoring system for irrigation wells, storage tanks, and pressure staging that needs to interface with my eisy controller.

Under certain fault conditions detected by the Pi/ESP32 system, I want to notify the eisy by setting a small number of specific state variables. Those variables would then trigger existing eisy programs for visual alerts (room light flashing, notifications), irrigation lockout delays, etc..

My main question is about limiting permissions/scope.

Is there a supported way to restrict what an external system (such as a Raspberry Pi using the REST interface, node server, network resource, etc.) is allowed to do on the eisy?

Ideally, I would like the Pi to only be capable of:

• Reading or writing a very small set of designated state variables

• Not being able to modify programs, devices, configuration, or unrelated variables

• Not having broader administrative access to the controller

I am trying to minimize the impact of software bugs or a compromised Pi system.

What is the recommended architecture for accomplishing this on eisy?

On 5/18/2026 at 4:22 PM, Michaelco said:

I am developing a Raspberry Pi + ESP32 based control/monitoring system for irrigation wells, storage tanks, and pressure staging that needs to interface with my eisy controller.

Under certain fault conditions detected by the Pi/ESP32 system, I want to notify the eisy by setting a small number of specific state variables. Those variables would then trigger existing eisy programs for visual alerts (room light flashing, notifications), irrigation lockout delays, etc..

My main question is about limiting permissions/scope.

Is there a supported way to restrict what an external system (such as a Raspberry Pi using the REST interface, node server, network resource, etc.) is allowed to do on the eisy?

Ideally, I would like the Pi to only be capable of:

• Reading or writing a very small set of designated state variables

• Not being able to modify programs, devices, configuration, or unrelated variables

• Not having broader administrative access to the controller

I am trying to minimize the impact of software bugs or a compromised Pi system.

What is the recommended architecture for accomplishing this on eisy?

I would recommend to change your approach.

It's not possible to reduce rights to the rest API. If you have a valid user id, it will allow you to do all of that.

The recommended approach would be to implement this as a plugin.

Basically, a plugin will expose nodes to eisy, and all the plugin will be able to do is expose properties and commands. It won't have access to the rest API (unless you configure it as such).

The plugin would communicate with your app on PI using the protocol of your choice - That could be a Websocket for example. The plugin would be setup in developer mode, and stay like that forever. Or, you could publish it to the production store, and sell it or offer it for free (and of course it would require the pi to be pre-installed with your app).

9 hours ago, bmercier said:

I would recommend to change your approach.

It's not possible to reduce rights to the rest API. If you have a valid user id, it will allow you to do all of that.

The recommended approach would be to implement this as a plugin.

Basically, a plugin will expose nodes to eisy, and all the plugin will be able to do is expose properties and commands. It won't have access to the rest API (unless you configure it as such).

The plugin would communicate with your app on PI using the protocol of your choice - That could be a Websocket for example. The plugin would be setup in developer mode, and stay like that forever. Or, you could publish it to the production store, and sell it or offer it for free (and of course it would require the pi to be pre-installed with your app).

Thank you - if I'm looking at is correctly, it would seem Trilife/Headrom's plugin (MQTT Nodeserver for Devices) would do what I want. Thoughts on any issues going this way?