are you trying to cluster the app server  or partition the system resources? because what you ask is clustering but the note you pasted at the end is about partitioning,

answer to clustering is obvious so I make an assumption that you want to do the latter (partitioning). I have a few suggestions:

1) one solution  would be use to app server partitioning. this bounds to the functionalities that the your app server provides when partitioning the app server. every partition is configured to have its own set of resources and security  configuration. this seems to be a flexible solution

2) however depending on your deployment strategy, you might also want to use the OS capabilities. in unix based systems, you might consider 'zone' or 'rbac' and to deploy the app server on different zones and that will give you the freedom of configuring zone specific  privileges which would then be specific to the app server deployed on that zone

3) another thing that comes to mind is to do this on an ldap server to dispatch the requests to appropriate set of functionalities. but this means to actually implement the dispatcher for this on ldap server. this solution seems to be a bit exhaustive but you might get benefits of specific implementations of ldap that has this built-in

some might say to enlist privileges in deployment desc, which I guess could be a bad idea  cause it might screw up the functionality flows and it is hard to control