Right now, all users of a meshProject are allowed to operate on service instances. While a service broker can implement its own RBAC logic to validate user requests, it would be preferable for meshStack to implement this in meshMarketplace.
Project Readers: read-only on service instances
Project Contributors: read/write
Project Admin: read/write