Description of problem:
I have created a group within settings->configuration-> Access Control accordian.  In the groups configuration I restrict the 'Hosts/Nodes & Clusters/Deployment Roles' to only allow for a specific AWS provider.  In addition, I click on 'Red Hat Tags' and select a tag called Project->Project X.  This should only allow my user to see things tagged with 'Project X'.  

I log in with a user belonging to this group.  I click on 'Compute -> Clouds -> Key Pairs' and the used can see all key pairs for all cloud providers (even though none of them are tagged)

Version-Release number of selected component (if applicable):
cfme 5.6.3.3.20161128141841_49d925b 

How reproducible:


Steps to Reproduce:
1. Create multiple cloud providers (AWS/Azure in my case) with keypairs and add as providers in AWS.  
2. Validate you can see the providers and keypairs in the UI 
3. Create a group that has access only to one of the providers and is filtered by only a single tag.  Create a user and assign that group and a role.
4. Log into the UI with the user and go to Compute -> Clouds -> Key Pairs.  You will see keypairs from both providers even through none have the tag you assigned 

Actual results:
I can see every key pair

Expected results:
I can only see tagged key pairs 

Additional info: