VMware Cloud Community
zebduin
Enthusiast

Tenant Admins can see machines in other Tenants in 6.2

Scenario: multi-tenant env.

Tenant Admins can go to Administration -> Tenant Machines -> Reclamation.  They can then select a machine that was provisioned in another tenant and select Reclaim Virtual Machine.  This happened with one of my customers and I just replicated the issue on a lab env.

This is what I did:

Created a user gss-tenantadmin

      Added to Tenant Admins in GSS Tenant

      Added to Business group in that tenant

Created a user dcd-tenantadmin

      Added to Tenant Admins in DCD Tenant

      Added to Business group in that tenant

Note: the users are not members of any global groups except for domain users. They are not members of Fabric Admins or IaaS Admins and have no membership of any sort in any other tenants.

Logged in as gss-tenantadmin

      Navigated to Administration -> Tenant Machines -> Reclamation

I am able to view the 2 machines under the GSS tenant

I am able to view the machine I provisioned in the DCD tenant

The tenant admin should only be able to reclaim virtual machines within their own tenant.

Did I make a mistake someplace?  Is this a bug with vRA 6.2?


Accepted Solutions
zebduin
Enthusiast

VMware has acknowledged this is a bug. The fix will be included in the 6.2.3 release (Q3?). I have customers that are interested in a quicker fix, thus a hotfix request has been sent to VMware Engineering. I'll post again when the hotfix is available.

zebduin
Enthusiast

Worked with VMware support - the general consensus at this point in time is a bug in 6.2. Log bundles have been sent for further evaluation.

Note: Even though a tenant admin can go through the motions of reclaiming a VM from a different tenant, the request never progresses past pending.
