I am told that CSA 4.5 will have this feature. I eagerly await it.
I created a group called Admin servers that are IP addresses trusted by every host. I also installed CSA on the servers to keep them honest. It works to limit all but global events.
Is that what you're after?