There are inbuilt roles for $U on the UVMS such as node administration and security administration and these are granted to admins. To narrow things down to a node or node view it is possible to create custom roles and apply certain permissions to objects on those nodes. One of these is called 'Submission Account' and can be set to various permission levels like 'create, display, use within launch etc'. Looks like all that is required is to apply the create flag.
Once a role is created, add this to a group, then add login to that group. Finally run full sync on the node to bring in the changes. This is done by double clicking the node (on the UVMS) and at the top click the Full Sync button (a basic sync is not enough) only takes a few sec to push the security down from the UVMS to the node.
For extra credit the name of the Submission account can be restricted by wildcards such as T* so only submission accounts starting with T* can be affected.