Administer a Subtenant without Impersonating

Headline:
Administer a subtenant without needing to create a user to impersonate.


Description:
Both with the GUI or the API, a user creation is required in the subtenant to manage it directly. In some cases, customers that have their own subtenant do not want a parent tenant having an account in the environment. Modifying items directly with the API in different subtenants requires multiple credentials and API keys need to be managed.

Impersonating a role into a subtenant could be a possibility, which could work for both a GUI and API perspective, depending on the rights.

1 Like

This has created a lot of issues for our team because we restrict subtenant permissions, so users created in the subtenant don’t have the proper rights to pull some data (like instances). I’ve been forced to create a custom report plugin to do direct database queries then remove the report generated on a schedule.