Our organization is actively testing an ArcGIS Enterprise solution and we plan to build many federated servers to host 'user managed data' (think file geodatabases or Enterprise geodatabases that are usually part of some sort of data standard and have a fairly defined data lifecycle). The federated servers may be setup based on our organization units (think a server for each major 'office' or 'program') and we plan to setup the federated servers with Restricted Publishing to prevent staff from 1 office to publish in another offices environment - reference: Administer a federated server—Portal for ArcGIS (10.6) | ArcGIS Enterprise
This is all fine so far, and allows us to restrict our publishers so they only have access to the server we have setup for them, however it seems that a member who is in a portal role that has the publish server-based layers privilege granted can publish to the hosting server.
A couple of our staff members (including myself) have inadvertently published to the hosting server and as a result, the memory utilization was quite high causing cascading performance impacts.
Hence the question:
Is there a way to setup the hosting server with 'restricted publishing' like you can a federated server?
Basically want to restrict any 'federated services' and designate this server exclusively for the hosted services.