Without a different org it will not be really simple. We do some of this but have to handle it by policy and then VCO watching to not allow violations to happen.
Please send in a request to VMware to add per storage profile rights to vCloud Director. (We have but the more that ask the better)
ChrisF (VCP4, VCP5, VCP-Cloud) - If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful