There are a couple of ways to accomplish this. Yes, the 2.0 playground database would be a way to manage these types of entries and allow you to build a filter/finder that can prevent certain actions. Another way that this can be done today is to leverage DFM Resource Groups. This other option would allow you to easily add/remove entries and also provide some granularity in how these types of actions are applied.
I have used the second option several times to limit WFA from being able to provision or manage objects that might be dedicated to a different customer or project. Another option that I have found useful in a current project is to label aggregates that WFA is allowed to use. For example, this project has dedicated storage and the provisioning workflows can look into any datacenter and find the associated aggregates based on a naming convention. This will limit where WFA actually places the new volumes/qtrees/exports to only be in these specific aggregates.
The nice thing about using Resource Groups in DFM is that you would also be able to use WFA to add/remove objects automatically via a workflow.