Permissions can be fairly granular in vROps. You can restrict them to a single cluster or group of VMs. This should work well for read only or general user access. If they want any level of admin access in vROps, for example to manage the policies for their cluster or add management packs, then you'll probably need to have two vROps instances. If you're unsure and don't mind managing a second vROps instance, that might be the safer option. It gives you some flexibility down the road if they want more control in vROps (if you think that could be an eventual outcome). If not, one vROps with separate user groups for each cluster should be fine.