Most of the HSM, quota, and remote directory operations are checking CAP_SYS_ADMIN, which is a grab-bag of different administrative capabilities. It would be more useful and secure to use CAP_SYS_RESOURCE to control access to this functionality, since these are directly related to managing storage capacity and allocation.

/* Override resource limits. Set resource limits. */
/* Override quota limits. */
/* Override reserved space on ext2 filesystem */
/* Modify data journaling mode on ext3 filesystem (uses journaling
   resources) */
:
:
#define CAP_SYS_RESOURCE     24