Security Restriction on Business Roles (SAP Hybris Marketing/ Fiori FrontEnd)

Greetings,

We have a requirement for administrators to display & assign only client specific "business roles" to end users in SAP Hybris Marketing (Front End Fiori).

Currently, the admin after logging through SAP Fiori front end can view & assign any role (both standard plus custom) to the end user after selecting "Business User" tile from Business Administration Option. In order to achieve specific client security standards we want to restrict this option to only specific roles.

I checked the standard authorization objects S_USER_GRP & S_USER_SAS to specific values but this does not prevent admin from viewing and selecting only specific custom roles. The admin can view & select any roles from the drop down list and assign it.

Please advice.