So afterwards we have come to a better implementation / idea.
In Home Assistant there should be the possibility to restrict user access, especially the admin access.
For example: If you want to access Home Assistant via remote like Nabu Casa or with portforwarding, you should have the possibility to deactivate certain users (like the admin account)
This would allow different permissions, from the local network e.g. all users, and from remote only user X
So it would only be possible to access the GUI, which would be an increased security advantage.
Thanks a lot to @ludeeus and @cogneato . For patience, and helpful feedback.
So afterwards we have come to a better implementation / idea.
Since the whole thing is not defined in Nabu Casa the blocking should be done by Home Assistant itself.
In other words, in Home Assistant there should be the possibility to determine which users can only access Home Assistant from the local network, and which users can access Home Assistant through the Nabu Casa cloud.
Thanks a lot to @ludeeus and @cogneato . For patience, and helpful feedback.
Sorry for reviving such an old topic.
How is that implemented? We have the user that can only access from local network, but at the end of the day any admin user could change that permission, even is own
You can deactivate the admin users from external networks so that they cannot log in from outside and only non-privileged users are allowed external access