Disable oneadmin account for external connections

Is it possible to disable the use of oneadmin for external connections, and to limit it to known and trusted ip addressess?

The oneadmin account is running all the backend processes, so it is not feasible to do without it.
Since our OpenNebula is a public service, we want to limit access of this administrative account.
So far we did not find a solution to this situation.

Is it at all possible?

We are currently using 5.2.1.