Sorry.  I am a little confused by your explanation.

1. You have a XaaS Blueprint that is entitled to the user.

2. A request of this blueprint takes in values that fulfill a server request--to include Business Group (subtenant reference)--and it runs a workflow (inside the XaaS workflow) to make a request for an IaaS Blueprint that is entitled to the user in multiple business groups? (So you are running something similar to "Request a catalog item on behalf of a user" -- using the passed user credential?)

3.  The IaaS blueprints are entitled to the user, but they do not show up for the user?  That is a strange condition.  How are you doing this?  I know of one way with a services hack.

The two items you have in the image.  These are IaaS blueprints, correct?  If you click request on each one individually... they deploy in the first business group and it's associated reservation consistently?  Or are you saying that when you run the XaaS Composite Blueprint... it does so?

If it is the "Composite" blueprint, are you sure that you are getting the correct Catalog Item target?

For example, I could see a condition where I end up calling this Catalog Item twice from a XaaS blueprint, when I think that I am calling the one on top first and then the second one second.

I just want to make sure that this is absolutely true...where you say "use" here... you are talking about clicking the "Request" button on the IaaS Blueprint Catalog Item shown in the picture?

"I use the Infrastructure catalog item to request a server named TestVM1, and I use the IT Operations catalog item to request a server named TestVM2."

To clarify:

1) The catalog item in the screenshot in my prior reply is an XaaS blueprint.

2) This XaaS request takes in user and server specific information such as server name, server size, server category (dev, prod, etc.), username to be created, password, etc. I have a predefined vCACCAFE:CatalogItem defined which points to an IaaS blueprint. The workflow gets the request object, modified some of the data, then submits it.

// Get the provisioning request for the catalog item

var request = vCACCAFERequestsHelper.getProvisioningRequestForCatalogItem(catalogItem);

// Get the provisioning request data for further manipulation

var requestData = vCACCAFERequestsHelper.getProvisioningRequestData(request);

var jsonData = JSON.parse(requestData);

// ---------- Do some other things here

// Add the request data to the provisioning request

// System.log("New requestData = " + JSON.stringify(jsonData));

vCACCAFERequestsHelper.setProvisioningRequestData(request, JSON.stringify(jsonData));

// Submit the request

result = System.getModule("com.vmware.library.vcaccafe.request").requestCatalogItemWithProvisioningRequest(catalogItem, request);

3) The whole process I'm using to hide the IaaS blueprint is as follows:

   1. Publish the IaaS catalog item to a service.

   2. Entitle the user to both the item and the service the item belongs to. (At this point the IaaS catalog item shows up in the request portal.)

   3. At this point I'm able to assign this blueprint to my workflow. (See screenshot below)

   4. Now I go back to my service in vRA and remove the IaaS blueprint from the service.

At this point, my XaaS workflow can still get the request and submit it and my user is still entitled to the IaaS workflow, but it no longer shows up in the request portal.

Okay... I follow.  I have seen the services hack before.  (Steve came up with it I think.)

Couple of things you probably already tried...

Syslog the "catalgogItem" organization (business group) before....

               var request = vCACCAFERequestsHelper.getProvisioningRequestForCatalogItem(catalogItem);

To really make sure that you have the correct business group... and not some unexpected behavior.

You are getting this value in your json string Syslog, but I would just really make sure that the request is going in with the right organization.

If you request the original IaaS blueprints in each business group... they do go into their business group, correct?

This would probably mean that there is some sort of issue with the RequestsHelper, because it sounds like you are doing everything correct for what you are trying to accomplish.

With your services hack... can you try to entitle the service and the catalog item, and then instead of removing the service... just disable the service.

If you cannot get around this issue through the method you are using, I would look into taking the user out of the picture of the IaaS deployment.  It is easy enough to take in an owner as custom property, make the request as your vRA service account  (who will own the machine initially) and then run a change owner through Event subscription to set the owner to the requester.  In this model, you do not need to to ever entitle catalog items to users and then hide them through a method that I believe shouldn't work.  It is almost like taking advantage of a bug to perform an end-to-end activity that can be solved another way.

It looks like the Catalog Item's organization property is only giving me the tenant name:

DynamicWrapper (Instance) : [vCACCAFECatalogOrganizationReference]-[class com.vmware.vcac.catalog.rest.stubs.CatalogOrganizationReference] -- VALUE : Tenant: {tenant name here}

However, I do recall that when I selected the catalog item the use for the workflow I was presented with two options; one for each business group. I had selected the first one which would have been for the Infrastructure tenant. So far I've assumed that this shouldn't matter since when I disable the Infrastructure reservations, the deployment ends up in the IT Operations business unit. I am now starting to second guess that however and will try assigning the other one to the workflow and see what happens. How are you accomplishing this? Are you using some logic to actually select one of the two IaaS blueprints?

I will look into your method of using a service account for the requests to avoid using the current method.

I just hand in the business group (which is part of the normal form items for a XaaS request) and then I parse for the the catalog item of that business group.

in psuedocode -- (I am typing this on the fly from memory)

for each ( tempCatalogItem in catalogItems) { //this is already filtered by type of blueprint)

     if (tempCatalogItem.getOrganization().getSubtenantRef() == "MYSUBTENANTNAME"){

          catalogItem = tempCatalogItem;

     }

}

Ah, this makes sense. I'll get this setup and see how it goes.

Thank you.

Good luck!