WEB Gui - is there a way to password protect "active" actions and keep read-only mode for all other users? (TZ-1477)

[pczekalski]

Checklist

• Checked the issue tracker for similar issues to ensure this is not a duplicate.
• Described the feature in detail and justified the reason for the request.
• Provided specific use cases and examples.

Feature description

I'm looking for a feature that at least lets me protect the WEB GUI from unauthorised users to modify the device's and network's configuration. It could be achieved either by full protection of the WEB GUI (at least with basic authentication) or, best, by providing two access layers: passive for browsing and active for developers, who might modify the device's and network's configuration.

Use cases

In laboratory scenarios, admins would like to provide regular users with open-thread network information as seen from the border router point of view (e.g., network topology) but not let them re-configure the network or the device via the WEB GUI.

Alternatives

Use of external authentication with e.g. nginx and reverse proxy, but that requires extra infrastructure.

Additional context

No response