1) Have an instance with multiple orgs, and environments
2) As an admin Create a Role X
3) Give X permissions to read an Org OX, and permissions to read users.
4) Create a user UX and assign him role X
5) Login as user UX
6) Administration->Users -> UX-> Environments (on right tab)
7) See the list of available organizations under Default Organizations dropdown, 
  
Actual results:
Org OX shows up in the list, even though user UX can't give himself the right to register systems in any environment in Org OX.

Expected results:
Org OX should not appear on the list. In fact no orgs should show up in that list.


Rules of engagement with respect to default environments
Administrator -> Admin
User Being Modified -> X
Page -> Administration->Users -> X-> Environments


1) Admin with "create/modify users" perm should be able to see all the Organizations and Environments in drop down and update user X's orgs & environments.
2) Admin with only "read users" perm should not be edit/update orgs/environments of user X. The only exception to this rule is case where Admin = X, i.e. Admin is editing himself. In this case the Admin should be only able to see orgs & environments that Admin himself can register systems to.
3) X editing himself via top right-> <username>-> environments. In this case X should be only able to see orgs & environments that X himself can register systems to.