Yes, you are right. I dont think you will be able to specify resources to the individual users and restrict the resources. You will be able to assign the roles Operator, Storage Administrator, OnCommand Administrator and Event Publisher to the users and restrict the level of access to these users.
This link should give some information on the roles and RBAC:
If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.