Created attachment 1246597 [details]
Description of problem:
when creating a new role, there is a way to limit the templates and vm's access to user and groups or specific users.
This does not exist for containers providers and we have to limit access by tagging specific objects (which is not scalable).
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. log in to cfme as admin user
2. navigate to configuration -> access control -> role
3. create a new role
4. there is a scroll for: VM & Template Access Restriction with two options: "only user and group owned" and "only user owned"
for container providers, we cannot limit permissions to objects in a cluster level and have to add tag restriction per objects
currently, it is very difficult to manage more accurate permissions to pods/containers and images in a cluster level.