Using "Project/Tenant" to restrict group acces to specific Cloud Provider tenants

We need to give access to our users based on Cloud Provider Tenants.

Each user must have access to a group of tenants in more than one Cloud Provider.

Actually this permissions are ensured with instance tagging but it creates quite problems:

  • we need a task to tag new instances every minute
  • assign a new tenant to some group is a manual and tedious process

In Capablanca we can do Access Control based on “Project/Tenant”. This can help us?

We was able to assign a “Project/Tenant” to one group, but who to assign
a group of OpenStack tenants (from different OpenStack Cloud Providers)
to one ManageIQ Project/Tenant?


@dmetzger can you review this question from @manel and forward to a SME if necessary.

@gtanzillo need an assist from someone familiar with tenants & permissions.

There are any docs about this new feature?