Allow creating and using simple roles for RBAC in vCenter. Roles that necessarily won't exceed cloudadmin privileges.
E.g. some teams should be provided only with VM console & related access. Many of the inbuilt roles (such as 'VM console user') are unusable