Self-hosted and Docker security

I’m looking to test a self-hosted version of Bitwarden. For security reasons I would like to create a dedicated account and group, e.g. bitwarden:bitwarden, to run Bitwarden as.

What permissions do I need to give the group/user in order for Bitwarden to run properly but with least privileges on the system? I would rather it was completely isolated. I have my own account, which is able to sudo, but I don’t want to give that ability to any other account, so creating a service account specifically for Bitwarden seems like the best option.

Thanks in advance