Limiting visitors to certain web pages

When accessing a page locally for Node-Red you would normally use address:1880, so creating a public hostname, say publicaddress, with the tunneling also works. However, Node-Red also has a dashboard that is address:1880/ui. We have an application set up for the admins to access using a one-time password. It works fine, but is there a way of limiting others to the UI and not the backend, so they can only see the interface (1880/ui) and not the 1880?