Comment by devilbunny

You only need separate users if you want to restrict certain features (devices, apps, etc.) to only certain users (i.e., it's more of a business thing). My wife's machines all use my username because... she lives with me; if she wanted suddenly to learn networking and computers and hack all our stuff, she could do it anyway since she has physical access.

So pretty much anyone you would trust on your LAN can be trusted with your Tailscale user. You can just log yourself into Tailscale on the kids' devices and then use the admin console to make those devices' logins never expire. They can use all the features, but they don't know your authentication method and thus can't get admin access themselves. About the only situation in which the typical home user would need multiple accounts would be if someone was physically away from you and had a new device they needed to connect to your tailnet (their term for your collection of devices, services, etc.) but you didn't want to share your password with them. If they're physically near you, you just authenticate their device and hand it back to them.