Allowing Users to Add Instance Types they they cannot instantiate because of Role Permissions

After a user asked me repeatedly to load up several images, I decided to change their role and allow Virtual Images/Full role permissions, so they could load their images themselves in self-service fashion, and remove myself as a bottleneck.

So they loaded the virtual images up, but of course there was no Instance Type/Layout to launch it, so I enabled Blueprints for them so that could indeed create the Instance Type/Layout/NodeType.

Assuming they were good to go, I went to run an errand, only to get a message that they still could not still not launch the image. I had to return back to the laptop to investigate this and figured out that the instance type was not enabled in their role. This is because their role is Custom. Everyone’s role is Custom, because we simply cannot let people have access to all of the instance types (some, like Red Hat are licensed, and there are others that management don’t want people launching without some discussion before we enable them).

So we are in this situation where, by trying to unlock self-service capability, we are still having to stop, drop and get involved every time someone loads a self-service image up because of this. I think when someone creates an instance type, that instance type should automatically be enabled in their Role permissions, even if they are set to Custom and not Full. Until we do that, we cannot truly unleash a true self-service experience for power users. Thoughts on this?