Created attachment 1246597 [details] screenshot Description of problem: when creating a new role, there is a way to limit the templates and vm's access to user and groups or specific users. This does not exist for containers providers and we have to limit access by tagging specific objects (which is not scalable). Version-Release number of selected component (if applicable): cfme-5.7.1.0-2.el7cf.x86_64 How reproducible: 100% Steps to Reproduce: 1. log in to cfme as admin user 2. navigate to configuration -> access control -> role 3. create a new role 4. there is a scroll for: VM & Template Access Restriction with two options: "only user and group owned" and "only user owned" Actual results: for container providers, we cannot limit permissions to objects in a cluster level and have to add tag restriction per objects Expected results: currently, it is very difficult to manage more accurate permissions to pods/containers and images in a cluster level. Additional info: screenshot.