I am looking at the VPC patch from PR https://github.com/theforeman/foreman/pull/778 and so far it looks suitable for our needs for the time being. However, looking forward we see the potential use case for restricting users to specific subnets on a VPC.

Would it be possible to:
A.) Either limit the subnets usable at the compute resource level (via select box/whatever), and we can simply create multiple compute resources and grant users access to those,

or B.) limit which subnets on a VPC are accessible by a given org?

This would allow us to grant users access to provision on specific VPC subnets using a single VPC rather than having to have several VPC's each with their own subnet, which would become a small routing/acl nightmare for our network team to manage.