Cockpit permissions without sudo

Hello,

I just installed cockpit in our development environment, and by default does not grant root level perms to use all the options within Cockpit, I found the solution was to create a rules file for PolicyKit and I was able to give my Admin group root level perms allowing me to view logs, stop/start/restart services, view Subscription Info, etc. that was by granting access to org.cockpit-project.cockpit.root-bridge

So this works just fine for my group, but we have an app dev group that we would like to give some level of priviledged access to but not all access. This group should be allowed to start/stop/restart some systemd services, but not all, and view system logs.

I have tried individually adding some things from pkaction but to no avail. The only way that I have found to get these things to work is just by granting access to org.cockpit-project.cockpit.root-bridge as a whole.

My organization mandates the removal of sudo for vulnerability purposes; could this be the cause of it? I did a little test and when I added sudo back and added my group to the sudoers file it worked.

otherwise I get
cockpit-bridge[32429]: Error executing command as another user: No authentication agent found.
and
cockpit-bridge[32429]: No journal files were opened due to insufficient permissions.