Resource groups are one or more DevTest Servers or VSEs. Define resource groups to determine the resources that a user or a project can access.
 
If you have a small environment, such as a site that has a local registry and a VSE, you must set up resource groups to control access such as restricting VSE-specific access. However, you may want to set up Resource Groups to limit the access between your Production and your Development group.

The Super User role should not be assigned to any Resource Groups, since it needs access to all resources.

You should only create Resource Groups for those users that need the limited access.

This example of for use with 3 VSEs with the role of SV Power.

Create 3 VSEs as per the KB-  https://knowledge.broadcom.com/external/article/234858/how-to-run-multiple-vse-simulator-coordi.html

 VSE1
 VSE2
 VSE3
 
Create 3 new roles  in IAM. 
SV Power1
SV Power2
SV Power3
 
In the Portal, Create 3 Resource Groups:
https://techdocs.broadcom.com/us/en/ca-enterprise-software/devops/devtest-solutions/10-7/administering/security/access-control-acl/resource-groups.html

 
One that contains just VSE1
One that contains just VSE2
One that contains just VSE3.

In order to have certain users assigned to particular VSEs, you will need to request the 3 additional groupDNs created in your Active Directory.

In IAM,  once the LDAP groups are added,  you would map the Roles for those particular groups

Users can then log in to the Portal or Workstation and have access to only the resources they need to have access to.