Hello,
I have been playing around with vCAC 6.0 on my lab environment, and have some questions related to multi-tenancy configuration with separate infrastructure.
In the documentation, there is a section that explains the difference between single-tenant and multi-tenant configuration, and within multi-tenant, the section explains two different configuration - one with shared infrastructure configuration, and one with separate infrastructure on each tenant.
I was able to install all the vCAC 6.0 components, and have been playing around with assigning Tenant Admin and Infrastructure (IaaS) Admin permissions on different tenant. I added the vSphere endpoint (vCenter) to the default tenant (vsphere.local) configuration, and then created the fabric group. Then I logged out, browse to the URL of the other tenant (calling it "LAB Tenant"), and logged in as an IaaS Admin. What I found was that the IaaS Admin from LAB Tenant could see and edit the configuration details of the endpoint/fabric group/credentials configured by IaaS Admin in default tenant. Surely, the IaaS Admin from the other tenant shouldn't be able to mess around with the settings done by IaaS Admin in the default tenant?
I also found that when I added an endpoint/fabric group/credential config for a non-default tenant (calling it "Tenant 1"), and then logged in as an IaaS Admin from another tenant (again, non-default, calling it "Tenant 2"), the IaaS Admin from Tenant 2 was able to edit the endpoint/credentials/fabric group configuration made by IaaS Admin in Tenant 1. This brings me the question of just how isolated the infrastructure configuration is between tenants in vCAC. Is the Infrastructure configuration supposed to be shared like this?
Thanks in advance