To answer your other questions,
1. The user that installs should have enough privilege to register a service with VMware Lookup Service and create another user. I think using AD as an identity source should be fine.
2. No, currently not. All users will see the console and shared actions. Adding fine-grained control over who can access what functionality is one of the features that are at the top of our list.