A big thank you goes to David Lefebvre for inspiration and ground work and a late session on a Friday...
This is an example of different users in different groups having access to the same virtual resources and different levels of access controls.

The set up:
The dev user is in the dev group
The operations user is in the operations group
The dev group set up:

The operations group setup:

The group share policy:

Two user rolls defined:

User role that can do very little:


Select all and then take away VM items power on/off and so on

User role that can do a lot:



Dev user definition:

Operations user:

Dev User end user session:

Operations User end user session:
