Can't choose vlan when template access is given through tags


When I give access to a template through tags to a specific group, there are no options for selecting a vlan available. It just says “”. It does work though when I set the “VM & Template Access Restriction” to “Only User or Group Owned” for the role that the group is using AND I remove the tag. If I set both the “Only User or Group Owned” for the role and I have the tag set for the group, it doesn’t work. Any idea what’s going on? I am running capablanca-2.20160502160939_d083ab5



@dclarizio can you review this question from @com6056 and forward to a SME if necessary.


We found that when we do a tag restriction - prov_scope:all for example - we also needed to add tags to the hosts for the networks to correctly populate. (datastores too btw) You will still see your VMs if the User or Group Owned field is selected and the VMs are owned by the user/group.

In another configuration of access control we had to set Tags, Hosts, and VM folders to allow people to see their VMs and correctly provision.

IMO - the access control story in MIQ is very unclear when you try to handle multiple groups (imagine departments) with multiple roles for each. If you find any good resources for modeling this behavior please post links here.

Edit: My comments are regarding CloudForms 3.2 (cfme 5.4). We will be look at Tenant behavior when we look at upgrading to 4.1.


That did it! Thanks! Do you by any chance know how to have a specific VLAN be the default selection in a VM provisioning dialog? I tried setting “:default: VMName” where VMName is how it shows up in the dropdown for choosing a VLAN, but that didn’t seem to work. Thanks again!