OctoPrint doesn't serve the webcam stream itself, or interacts with your webcam directly.
Instead it only embeds webcam streams in either
hls format in the web frontend and consumes snapshot URLs provided by an external webcam server, most commonly mjpg-streamer as also included on OctoPi.
Because OctoPrint doesn't serve the webcam stream itself, cannot possibly control access to it. Even when it doesn't embed it on its UI, either because webcam integration has been disabled or because OctoPrint's permissions don't include webcam permissions, nothing would keep anyone from just guessing your webcam's URL and accessing the images or stream that way. If you want to limit the access to your webcam, you need to do this a layer above OctoPrint, e.g. your reverse proxy (haproxy on OctoPi) or your router's firewall.
Remote control of the webcam server mjpg-streamer as bundled with OctoPi to enable/disable it from the system menu as needed can be achieved via configuration of additional system commands, e.g.
system: actions: - name: Turn camera on action: camon command: sudo service webcamd start confirm: You are about to start the bundled webcam server. - name: Turn camera off action: camoff command: sudo service webcamd stop confirm: You are about to stop the bundled webcam server.
Proper network security management is not OctoPrint's job, there are way better tools for these kind of tasks. Do not blindly expose your OctoPrint instance on the internet or any other hostile network you don't have full control over.