How could we allow non-root users to control a systemd service?

Just add all needed commands to sudoers separately:

%webteam cms051=/usr/bin/systemctl restart httpd.service
%webteam cms051=/usr/bin/systemctl stop httpd.service
%webteam cms051=/usr/bin/systemctl start httpd.service 
%webteam cms051=/usr/bin/systemctl status httpd.service

@jofel's answer was exactly what I needed to get a working setup. POsting this for anyone else stumbling on this question. I needed a way to have capistrano restart my Ruby application after deploying from my local machine. That means I needed passwordless access to restarting systemd services. THIS is what I have and it works wonderfully!

Note: my user and group is called deployer
Put code in a custom file here: /etc/sudoers.d/deployer
Code:

%deployer ALL= NOPASSWD: /bin/systemctl start my_app
%deployer ALL= NOPASSWD: /bin/systemctl stop my_app
%deployer ALL= NOPASSWD: /bin/systemctl restart my_app

Create a command alias with the commands you want them to have access to. Then assign the group to that command alias:

Cmnd_Alias APACHE-SVC = /usr/bin/systemctl stop httpd, /usr/bin/systemctl start httpd, /usr/bin/systemctl restart httpd

%webteam ALL=APACHE-SVC

It is also good practice to place any edits in your /etc/sudoers.d/filename rather than directly editing the sudoers file. Make sure to point to your .d/filename in the sudoers, which most new distros do anyway. Placing these 2 lines in your sudoers should do the trick:

## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d

Note: That # in front of the includedir is not a comment. It must remain.