Refine Owner Manager role

[mhrivnak]

• role should not be able to view users who have no org affiliation, but it can.
• should not be able to view users in other orgs that aren't children, but it can currently see 'id' and 'default_username_and_domain'
• should be able to read credential_type_name on Credentials it can already view.
• should be able to read achievement_name on AchievementAwards it can already view.

[mhrivnak]

Also need to view standard attributes of all CredentialType objects, so we can filter users based on which CredentialTypes they've received.

[mhrivnak]

For users in the same or child orgs, need to be able to see in admin_users_view these attributes:

• owned_userorgroles.organization
• owned_userorgroles.organization_name
• owned_userorgroles.role
• owned_userorgroles.role_name

[mhrivnak]

Needs the ability to view tasks owned by any org. Right now I see that an org admin for the "Consumer Dealers" org cannot see a FileDownload task owned by the "Affiliate 2" org.

[jc0n]

@mhrivnak: All of the above issues should be fixed

should not be able to view users in other orgs that aren't children, but it can currently see 'id' and 'default_username_and_domain'

These were granted by the 'User' role.