I have a use case where I want to restrict the user to see only the VMs/Services that he owns, but to be able to provision using any template that belongs to the group.
I can achieve the first objective by setting Configure->Configuration->Access Control, and setting the appropriate role’s “VM & Template Access Restriction” field to “Only User Owned”.
However, by setting this option, all images will become invisible to him because he doesn’t own any of them. These images may be group-owned, but they are still complying to the “Only User Owned” restriction I set earlier.
Is there any way I can achieve what I want?