The first part is about creating a new Role and RoleBinding.
RBAC permissions should follow the least-privilege approach, so your rules should be scoped to give the app the minimum permissions it needs.
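As an added illustration of that scoping (not the exercise's solution and not code from the original page), here is a Role and RoleBinding that grant one ServiceAccount read-only access to Pods in a single namespace. The namespace `demo`, the ServiceAccount `demo-app`, the object names and the choice of Pod read access are all assumptions made for the example.

```yaml
# Constructed example: namespace "demo", ServiceAccount "demo-app" and the
# pod-read permissions are assumptions, not values from this exercise.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role                      # namespaced; a ClusterRole would apply cluster-wide
metadata:
  name: demo-app-pod-reader
  namespace: demo
rules:
  - apiGroups: [""]             # "" is the core API group (pods, services, ...)
    resources: ["pods"]         # only the resource the app actually reads
    verbs: ["get", "list"]      # read-only: no create, update, patch or delete
  # Over-broad rule to avoid: every verb on every resource in the namespace.
  # - apiGroups: ["*"]
  #   resources: ["*"]
  #   verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: demo-app-pod-reader
  namespace: demo
subjects:
  - kind: ServiceAccount        # bind the app's own identity, not a shared group
    name: demo-app
    namespace: demo
roleRef:                        # immutable once created; points at the Role above
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: demo-app-pod-reader
# Check the grant, and that nothing wider came with it:
#   kubectl auth can-i list pods    -n demo --as=system:serviceaccount:demo:demo-app
#   kubectl auth can-i delete pods  -n demo --as=system:serviceaccount:demo:demo-app
#   kubectl auth can-i list secrets -n demo --as=system:serviceaccount:demo:demo-app
```

Testing the denied cases matters as much as the allowed one, since an extra binding elsewhere can widen what the ServiceAccount can do without this Role changing.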
The second part will need some research. The Kubernetes API docs list the specs for every object, so you'll be able to drill down and find the field you need.
Need more? Here's the solution.