Security Strategy:

1. Only handle existing linux users and groups, kimchi is positioned to be a virtualization console, will not handle user management which is host level admin.
2. Two levels of privileges
            root users: console settings and virtualization resources management
                    full access to 'Host', 'Guests', 'Templates', 'Storage', 'Network'
                    all root users can see all the guests, templates, storage pools and volumes, networks no matter who created it
                    for created VMs, assign to non-root users with either an admin or user role                                       
            non-root users: manage or use VMs assigned to them
                    admin role: edit & delete their VMs
                    user role: start, stop, vnc their VMs
                    they only have access to 'Guests' tab
                    In 'Guests' tab, only list VMs that they have an admin or user role

UI Design:

root users:
        all current UI will be available.       
        for create a VM, add a section to add users with admin or user role
        for edit a VM, also has a section for add/remove/change users' access

non-root users:
        As only one 'Guest' tab, remove tabs bar and the '+' bar
        Only list VMs that they have a role on
        If the user have 'admin' role, then all current actions available
        if the user have 'user' role, then only actions 'start', 'stop', 'vnc' available