We would like to restrict site administrators / contributors to give access to list and libraries to just specific group of people and not just every user in Active Directory. We have multiple re-sellers (site administrators / contributors) with their own site and each re-seller have their own customers (readers). We don't want re-sellers to view users in AD and give rights to their assets to customers of another re-seller.
How can we accomplish this?