#Understanding Overview dashboard and why it seems to be essential that all users can view/edit it.

I had been developing my own node-red home control system for years and had heard about Home Assistant, but only recently started looking into it. I have become convinced that this is the BEST home automation system out there in terms of being able to integrate so many devices into one control panel. I took the plunge and completely installed and migrated everything over. I have run into one snag.

For the life of me, I can't figure out why so much effort has been keeping control of the Overview dashboard in the hands of every user, including non-admins. I have looked into browser_mod and kiosk-mode.js (because kiosk-mode was removed). It appears that at best, you can only hide the Overview dashboard, but anyone with any browser savvy can bypass using direct urls.

I'm sure I could go in and hack away at lovelace myself, but I'm trying to understand the logic. I like having the overview dashboard for seeing new devices and quick view of the status of all devices so I don't want to get rid of it and I don't see why the only option to keep users from seeing it is to delete it so admins can't see it either. There are options for every other dashboard to be admin only. Again, I'm trying, at this point to understand the logic. I would compare it to allowing everyone ssh access with root on an otherwise secure linux box and the only way to maintain security is to remove ssh.

Again I'm not complaining. I'm just trying to understand.

If there is something I have missed, and there is actually a way of making Overview admin only, please let me know. I don't want to just hide it. I want users to only be able to see and interact with a specific dash board with no abilities, hidden backdoors, security holes, etc.

Thanks to everyone for such a great project!

I would venture to say that the Overview dashboard is not really intended for every day use. It is just a quick compilation of everything available within HA. When just starting out, there isn't much available, but, as the system grows, so does the Overview. It will grow pretty much to the point where there is just way too much shown, most of which may not even need to be seen. The Overview dashboard can be deleted without any negative affects on the system.
In terms of security, HA does not have any real user access control. It has basic user authentication. A rebellious, tech-savy teenager could easily navigate around the system, if they really wanted. Like you mentioned, browser-mod and kiosk-mode are options but can still be easily bypassed. (I run both and it is useful to know how to bypass them when you lock yourself out of something; speaking from experience.)
You'll probably want to look more into designing your own dashboard which shows what you want seen and how. I'm assuming you used the NR dashboard so it wouldn't take much to make something similar in HA. Browser-mod and kiosk-mode will add a layer of "security" by hiding the sidebar, headers and whatnot. But, long story short: don't worry too much about the Overview dashboard; remove it if you're concerned about it.

How do I delete it?

@woven lava

You can "take control" of it and just delete everything if you want.

At least one dashboard named overview must exist (as that is the default when logging in when no cache), but its content is up to you.