Restricted user for working nodes in portainer does not work

Hi, I created a swarm setup with 3 management nodes and 4 worker nodes. I use portainer as user interface. Inside portainer I created some users - administrator users and resticted users. Some of the restricted users should only have the possibitity to deploy new container on the worker nodes. In portainer I created a team of these users and in menue “endpoint” - “manage access” I created the acces for the users only for the worker nodes. If the restricted user log in in portainer he also can only see the worker nodes. This step seems ok for me. If the resriced user will deploy a new container under menue “containers” - “add container” he got in section “deployment” a selection box for node selection. The problem is the restricted user see now all nodes (management and worker nodes) of the swarm. Not only the worker nodes are accessable for him. It is possible for him to deploy the new container also on the management nodes. Drain the management nodes on the swarm is not an option for me because the drained management nodes are shown in portainer as “down”. Is this an bug? Any workaround exists? How can I overcome this problem?