Tenants Templates visibility


#1

As posted in Tenant Access Control Issues it seems there is no way to have a single Templates folder to share among all tenants.
Now you must assign template’s ownership to a tenant group so they can see it. These force us to duplicate templates for each tenant.
Is there any way of avoid this?


#2

@gtanzillo can you review this question from @mansuamen and forward to a SME if necessary.


#3

Hello @mansuamen ,

I think that we have possibility to do it.

Let’s consider this tenant’s structure:

ROOT Tenant
—> T1 (user U1 and group G1)
--------->T3 (user U3 and group G3)
-------------> T4 (user U4 and group G4)
----> T2 (user U2 and group G2)

for displaying templates we are using so called “ancestry” strategy.

Let’s look on situation when user U3 will login with tenant T3 and group G3

when on the template will be set in group select box:

ROOT Tenant -> user U3 will see the template.
T1 -> user U3 will see the template.
T2 -> user U3 will NOT see the template.
T3 -> user U3 will see the template.
T4 -> user U3 will NOT see the template.

In other words - user will look on his all ancestor’s tenants and if any of this tenants are matching with tenant what is selected
on template - then template will be displayed for the user.

When you select a group(instead of tenant) in group select box it basically means that
you are selecting the tenant which tied with the group.

So for you case, for sharing one template among all tenants - when you will selected the topest tenant as possible or the root tenant
then the template will be shared across all tenants.

Let me now if this works for you.

Thanks!


#4

Hi @lpichler,
I have these tenants’s structure:

ROOT Tenant
–> T1
–> T2
–> T3

If I define a template’s ownership to the root tenant:

Nobody in T1, T2 or T3 tenants can see the template.
So I see no way to share a template between all tenants.

Thanks!


#5

@mansuamen let me check it again but I think that this should works and which version of manageiq are you using ?


#6

Hi @lpichler,
I’m using capablanca-2 with vmware vsphere 5.5 provider.


#7

Hi @mansuamen,

yes that’s the reason, there is no such functionality in capababca-2 yet.

This was done by https://github.com/ManageIQ/manageiq/pull/5898.

So you can do:

thanks