You would grant the role the Server. on the servers you want them to see, run jobs, etc. so if you want them to run snapshot jobs, you grant that role Server.Snapshot on the servers, along w/ Server.Read so they can actually see the server.
Thanks Bill, my hope was that I could use smart groups of servers combined with roles & policies, but I don't see how to apply the server.snapshot & server.read (for instance) to a group of servers. It looks like I have to individually do this for every server?
I guess my question right now is more along the lines of "how do you make this supportable in a large scale environment?"
You can right click on the server group (smart or static) and choose ‘update permissions’. Then select the role and the Server permission you want to add and it will recurse.