It’s a feature that’s often been requested, but hasn’t appeared yet. The best option out of the box is creating non-Administrator users and then creating custom dashboards and panes per user with only the controls they need.

But that doesn’t stop a user from poking around still, because they can still access all devices and entities through features like the Logbook - which is always accessible because sidebar items can’t be controller per user.

There are some HACS bits that might be able to lock things down a bit further, like Kiosk and Guest modes.

I’ve heard some people get round this by setting up inebriations with Apple/Google/Amazon ecosystem, only exposing the desired entities/devices, and then giving others access to those and keeping them out of Home Assistant altogether.

It’s a feature set I wish they would add/expand, I’m sure anyone with a home office and mischievous children would agree.

there is a feature request with a lot of good comments on their forum. The summary of the last time I checked it was on the lines: “it is a reasonable request but it is terribly hard to implement it correctly and since we currently have no capacity to do it we prefer leaving it not implemented instead of offering any alternative which could give a false sense of security”

There are basic, basic permission controls and hiding info from non-admin users. But it’s nasty for a big setup.

I imagine it would be implemented in the future, but priorities aren’t there yet.

I agree though, would be a nice feature to have.

Ugly hack that I’ve done: setup a completely separate HA instance, then sync only the components that the user needs using remote ha

What I would do is install kiosk mode from HACS. Build a dashboard for them that only shows what you want them to see, then add kiosk mode so they can’t access the menus. Set it as their default and it should be fine

Don’t you have a PIN on your phone at all?