Provisioning Services to a MIQ Child Tenant?

We’ve got a very simple Tenant structure. Central operations team managing the global tenant, and user groups assigned to a department first tier tenant for self service purposes.

We’re currently planning a production deployment for a customer, which we’re thinking should be under our “Operations” tenant and a Project specifically for the customer, to allow for easy chargeback reporting. The issue we’re having is understanding how we can create a service or provision instances within the Project when our current accounts is only at the global tenant level.

I guess we can create another group and assign out privileges to the project only and switch between them in the UI, but we’d like to keep it simple, so is there a mechanism for defining the destination tenant/project for a service/prov request?

just to understand a bit about the environment.

  • will the customer have access to the CloudForms UI?

  • if so then the customer should have user accounts and groups assigned to that project, correct?
    once the customer has groups and users assigned to that project, there is a way to customize the provisioning process so that you can request a resource for one of your sub tenants/project, which will include some modifications to the OOB methods

  • if the customer will not have access to the CloudForms UI and you need to provision instances for that tenant, then the simple out of the box method is to create groups and assign them to that tenant/project, add your global accounts to that group, then switch the active group from the UI when you need to request a resource for that tenant/project.

please update me on which direction you will be going with so I could add more details if required.

@gtanzillo @lpichler Can you help here?

I believe the only way to ensure that the resulting service lives in the child tenant is to order it as a user in that tenant. With that you’d need to create a group and users in the child tenant for that purpose

Hi all, thanks for your input. I had suspected that i’d need the users in the Project/Tenant and it was the only option rather than major provisioning process changes, thankfully its not a blocker for our internal implementation rather just a slight change to how we operate.