I have resolved to using the very limited security features of UMS, and found out that security access through renderer uuid does not work as it should.

Renderers whitelist not being remembered:

When using default: block all, I will try to connect my devices to UMS, have it appear as blocked in the Home tab, then change it to "allow device".
After some time of disconnecting the device and reconnecting, the device appears again in the Home tab as blocked. This only happens after the device 'disappears' from the renderer list, and reappears, or when the server restarts. This should not happen, since from testing IP address filters stay throughout.

Due to this, I forgo-ed this method of filtering, and used IP address filtering to allow/block devices, which still does not fix the next problem.

Renderers user accounts not remembered for folder access filter:

I am giving folder permissions to renderers according to user accounts "user1", but after assigning, and then restarting the server, the devices that are in the home tab defaulted to having "no account assigned".
My setup is to have to "network wide" and "private" folders, this bug is making the servers not "remember" my devices, and only see the "network wide" folders every time. This is a consistent issue.

The current UMS does not allow ip address to be assigned accounts, so no work around for this issue.

My setup

Currently I have Network: Block all, Renderers: Allow all.
I found that IP filtering works as it should, and is consistent, but the current UMS does not allow ip address to do folder based access filtering.
So I am stuck with this setup, a simple allow or block per device, and every device on the network can see every user's media once they are allowed in.

Looking at the .conf file, both these lines are filled in:
network_devices_filter =192.X.X.X...
renderers_user = {|dec92006-df64-XXXXXXXX...
This means the renderer whitelist filter should work, but somehow just doesn't.

If the renderer way is not consistent, I suggest to also add a "user account" per network ip address, since right now we only have the option "allow or block" ip to access the media server completely. Maybe UMS can do IP filtering better than uuid renderer filtering.

These are all the privacy/security options I found the UMS has after extensive research online.
UMS.code pin method DOES NOT work, as a few users have also mentioned (the UMS security and privacy page probably is outdated). The pin code method also does not make sense - since most dlna/upnp players on like phones have options to input passwords for playlist folders.

From reading, these security features are still in development for many years, according to sources such as https://universalmediaserver.com/forum/viewtopic.php?t=14880
So far, while limited, I can see there is active development of such features with the quite recent addition of the allow/block all filters through IP addresses.

Folder based access should be the next step, and right now my experience with it is rather half-baked.