vSphere Multitenancy

Hi! There seems to be no way to limit which portgroups are visible to a tenant? I hope I am missing something:

It seems that, regardless of what I attempt, if the ESXi instances a tenant user has permission to consume can see a portgroup, then the tenant can see it as well.

I think I solved it. vSphere permissions misconfig on my end…