ownership for zones and pools/subnets/containers #148

Open
miesi opened this issue Oct 21, 2021 · 1 comment
Labels
enhancement New feature or request


miesi commented Oct 21, 2021

This is a request for comments to find out if the feature is wanted and in what way it could be implemented. It is an idea and it might be a bad one. So don't hold back with feedback.

It sometimes happens that subnets get shared by multiple teams because of historical reasons (team split, team merges, service moves, ...).
In these cases it sometimes happens that the "foreign team" has problems figuring out what they are allowed to do to avoid breaking production systems of the other team.
Maybe the owner team has rules in place where services should go in the provided space.

Would it be possible for these cases to:

  1. Set an owner on a subnet
  2. Let the owner define permissions for groups on specific resources in the pool (DNS entries, single IPs or containers)
  3. Remove the permissions when an entry was deleted

These rules would allow the "foreign team" to still change their entries but on the other hand force them to move their services into their own networks/zones to make a proper split.

This would also open up a way to enforce the removal of systems out of old subnets which are already deprecated.


miesi commented Oct 21, 2021

Pools have "owning-usergroup" with LDAP uid

@miesi miesi added the enhancement New feature or request label Nov 12, 2021