Remote power control without security issue

We use MAAS to automatically set up bare metal servers for customers.
A bad actor changed IPMI credentials. As a result, we can’t power cycle the machines remotely anymore, as MAAS relied on IPMI to access power control.

It does not seem to be possible to prevent a root bare metal user from changing IPMI settings.
Is the only option then to use a PDU to prevent this? Do other cloud providers use PDUs for power cycling?