Yes, this is why I decided to include a security feature in uibuilder itself though I generally recommend that people use an external service to do authentication. The idea being to have the simplest viable security service available out of the box. It will only be useful for a relatively small number of users/groups out-of-the-box but can then be relatively easily expanded without having to amend the node-red flows or front-end code.
Anyway, I am back making some (painfully slow) progress on the security logic and I'm hoping to have a much better security feature set in uibuilder v4.2 which will be the next feature release.
