[SOLVED] Users from a group asigned to a Project/Tenant other than parent tenant can't see vm/templates


#1

I have defined my vmware vcenter as an Infastructure Provider in ManageIQ.
If a create users and assign their group to the parent tenant they can see vm and templates, but if I assign users to a group assigned to a child tenant or project they can’t see vm and templates at all.
¿What must I do to allow these users to see the vms and templates?
Thanks


#2

@dmetzger would you be able to assist @mansuamen with this question, or forward to a SME.


#3

Hi @jprause,

I have no news from @dmetzger.
Anybody can assist me?

Thanks


#4

No response because my @name was wrong so I did not get notified. I don’t have an immediate answer, I’ll take a look. @kbrock can you provide a rapid response?


#5

Tenancy is all about visibility across an organization.

The top level parent, the root tenant, has special privileges and visibility, but most organizations will want something more granular than “can see everything.” So you will tend to want to not put groups or resources into the root tenant, but rather children tenants and/or projects.

Every VM has a group and corresponding tenant/project.
Every User is in a group and corresponding tenant/project.
We are transitioning to be less group centric and more tenant centric.

@gtanzillo or @jrafanie Could either of you share how the rules across tenants work. I don’t want to pass along the wrong information


#6

Hi @kbrock,
Thanks for your reply. I understand your point as is exactly what I’m trying to do.
The problem I have is that If I define users on groups assigned to a child tenant or project they don’t see any previously existing vm or template allthough I don’t limit visibility at all on their group, only users from groups assigned to the parent tenant can see all previously existing vm or templates.
The question is how do I give existing vm and templates visibility to users on child tenants and projects?


Tenant Access Control Issues
#7

Hi @kbrock,
Forget my question, it was a problem with capablanca-1 version. I’ve installed capablanca-2 and now all works as expected.


#8

Hi @mansuamen

That makes me so happy to hear.
We still have work to nail down the visibility across multiple tenants.
Once you’ve poked around a little, please share your experiences (and cc me)

Thanks,
Keenan