A question for server-groups is resources that are not directly referenced by the server-group (e.g. a profile) or contained by something directly referenced (e.g. a subsystem) but rather are only brought in via indirect references (e.g. a path or interface) or convention (e.g. system properties).
My inclination would be any simple system where we allow restriction to a given server-group would restrict access to such resources.
It's possible we could analyze the socket-binding-group resource and determine whether an interface is relevant. I can't see doing that for paths or system properties.