Scenario: multi-tenant env.
Tenant Admins can go to Administration -> Tenant Machines -> Reclamation. They can then select a machine that was provisioned in another tenant and select Reclaim Virtual Machine. This happened with one of my customers and I just replicated the issue on a lab env.
This is what I did:
Created a user gss-tenantadmin
Added to Tenant Admins in GSS Tenant
Added to Business group in that tenant
Created a user dcd-tenantadmin
Added to Tenant Admins in DCD Tenant
Added to Business group in that tenant
Note: the users are not member of any global groups except for domain users, They are not members of Fabric Admins or IaaS Admins and have no membership of any sort in any other tenants.
Logged in as gss-tenantadmin
Navigated to Administration -> Tenant Machines -> Reclamation
I am able to view the 2 machines under the GSS tenant
I am able to view the machine I provisioned in the DCD tenant
The tenant admin should only be able to reclaim virtual machines within their own tenant.
Did I make a mistake someplace? Is this a bug with vRA 6.2?