Currently, anyone can access Jarvis, I would like to limit access, on role basis.

According to ioBroker/ioBroker.vis-2#94, it is feasible, in principle.
I could not find anything if the architecture of Jarvis allows permission management.

An example Venetian Blinds controlled by e.g. Shelly Shutter there shall be the following roles

• admin
• configurator, allows two replace devices, rename, add function
• technician (for the blinds), allowed to start recalibration, set time value for a full movement of the slats
• user, close open blinds