Problem
In the Logbook and History views, a non-admin user can pick any entity and call any service on it, which amounts to admin-level control of the installation. This is a serious security hole: such a user could, for example, shut down the Home Assistant instance or trigger any other unwanted action.
Proposal
- user – sees and searches only the entities present on their own dashboards, and can call services only on those entities
- admin – retains full access to all entities and services
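The scoping rule proposed above, written out as an added illustration (this is not Home Assistant's own code or API): a non-admin user's entity scope is derived from the entity ids referenced on their dashboards, Logbook/History listings are filtered to that scope, and a service call is allowed only when every targeted entity lies inside it. The `User` class, the dashboard config and the entity list are constructed for the example; the config mirrors the Lovelace `views -> cards -> entity/entities` shape but only those two keys are inspected.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Any, Iterable


@dataclass
class User:
    """Minimal stand-in for a Home Assistant user (hypothetical, not HA's class)."""
    name: str
    is_admin: bool
    dashboards: list[dict] = field(default_factory=list)  # Lovelace-style configs


def dashboard_entities(config: Any) -> set[str]:
    """Collect every entity_id a Lovelace-style config refers to.

    Walks views -> cards -> nested cards and picks up `entity: ...` and
    `entities: [...]` keys. Simplification for the example: other
    entity-bearing keys (camera_image, tap_action targets, ...) are ignored.
    """
    found: set[str] = set()
    if isinstance(config, dict):
        for key, value in config.items():
            if key == "entity" and isinstance(value, str):
                found.add(value)
            elif key == "entities" and isinstance(value, list):
                # entries are plain ids or dicts such as {"entity": "...", "name": "..."}
                for item in value:
                    if isinstance(item, str):
                        found.add(item)
                    else:
                        found |= dashboard_entities(item)
            else:
                found |= dashboard_entities(value)
    elif isinstance(config, list):
        for item in config:
            found |= dashboard_entities(item)
    return found


def allowed_entities(user: User) -> set[str] | None:
    """Entity scope for a user; None means unrestricted (admin keeps full access)."""
    if user.is_admin:
        return None
    scope: set[str] = set()
    for dashboard in user.dashboards:
        scope |= dashboard_entities(dashboard)
    return scope


def is_service_call_allowed(user: User, domain: str, service: str,
                            target_entity_ids: Iterable[str]) -> bool:
    """Deny by default: every targeted entity must be inside the user's scope.

    A call with no explicit entity target (e.g. homeassistant.stop) cannot be
    tied to a dashboard, so it is refused for non-admins. domain/service are
    accepted so a real policy could add per-service rules on top.
    """
    scope = allowed_entities(user)
    if scope is None:
        return True
    targets = set(target_entity_ids)
    if not targets:
        return False
    return targets <= scope


def visible_entities(user: User, all_entity_ids: Iterable[str]) -> set[str]:
    """Entities the Logbook/History views should list and search for this user."""
    scope = allowed_entities(user)
    ids = set(all_entity_ids)
    return ids if scope is None else ids & scope


# Constructed sample data, not taken from any real installation.
GUEST_DASHBOARD = {
    "title": "Guest",
    "views": [
        {
            "title": "Living room",
            "cards": [
                {"type": "light", "entity": "light.living_room"},
                {"type": "entities",
                 "entities": ["sensor.outdoor_temp",
                              {"entity": "sensor.humidity", "name": "Humidity"}]},
                {"type": "vertical-stack",
                 "cards": [{"type": "button", "entity": "switch.garage"}]},
            ],
        }
    ],
}
ALL_ENTITIES = ["light.living_room", "sensor.outdoor_temp", "sensor.humidity",
                "switch.garage", "lock.front_door", "alarm_control_panel.home"]
ADMIN = User("admin", is_admin=True)
GUEST = User("guest", is_admin=False, dashboards=[GUEST_DASHBOARD])

if __name__ == "__main__":
    for user, call in [(ADMIN, ("homeassistant", "stop", [])),
                       (GUEST, ("homeassistant", "stop", [])),
                       (GUEST, ("light", "turn_on", ["light.living_room"])),
                       (GUEST, ("lock", "unlock", ["lock.front_door"]))]:
        print(user.name, call, "->", is_service_call_allowed(user, *call))
```

The check is deny-by-default on purpose: a mixed target list containing one out-of-scope entity is refused as a whole, and untargeted calls such as `homeassistant.stop` stay admin-only, which is exactly the shutdown case the problem statement worries about.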
Why It Matters
This issue has existed since almost the very beginning of Home Assistant. Workarounds such as hiding the Logbook/History panels are cumbersome (there is no "one-click" option), strip away useful history-view functionality, and only remove the panels from the user's sidebar rather than restricting what that user's session is permitted to call.
Call to Action
Please upvote and leave a comment so that this long-standing security problem gets the core developers' attention!