how to create a role this is limited to registering hosts in a specific SUB DOMAIN

hello I am attempting to create a specific role that will only allow
as department ( sales) of our company to enroll to a very specific sub domain (sales.acme.com) and not be able to enroll anything in any other domain ( acme.com ) or sub-domain ( travel.acme.com)

I do see ( in the attached screen shot) a set of permission assigned to the "enrole hosts: role that seems to be what I would want to copy and modify

would I modify the "target" .."subtree" here in the attachment to include

sales.acme.com?