Limiting access to discovered VMs

Team quick question about governance across brownfields environments. Is it possible to limit a small number of discovered/managed vms/instances to a group so that they would only have read/readonly permissions to those bownfields entities?

I was hoping for something similar to the group access modal or even being able to define the type of instance and limiting access based on that

You can if you make them managed. If you just want to leave them discovered, then there is no way to limit access to a subset. A user can either see all the brownfield VM’s on a cloud or not

Yep, making something “managed” is really just granting explicit RBAC to those objects. Discovered state VMs can still have actions against them, but the admin is typically the only user with access to see those.