Can limit which users can submit container requests.
We want a "data cluster" where users create federated accounts and can download public data, but most users should not be allowed to run containers.
Other user limits:
Would also be useful to limit which users can run containers with network access enabled.
Might be useful to come up with a general design for expressing user capabilities.