If you use Elmah.Mvc they have quite fine grained security settings. You can easily secure the elmah page to only be available to logged in users in the Admin group for instance.
Elmah.Mvc supports the following items in <appSettings>
<appSettings>
<!-- ELMAH configuration. Admin page only available for logged in users in
the Admin role. -->
<add key="elmah.mvc.disableHandler" value="false" />
<add key="elmah.mvc.disableHandleErrorFilter" value="false" />
<add key="elmah.mvc.requiresAuthentication" value="true" />
<add key="elmah.mvc.allowedRoles" value="Admin" />
<add key="elmah.mvc.route" value="elmah" />
</appSettings>
The keys of interest are elmah.mvc.requiresAuthentication
which switches on the user needing to be logged in. And elmah.mvc.allowedRoles
which specifies which role the user must be in.
You can install Elmah.Mvc from nuget.