Headline:
Administer a subtenant without needing to create a user to impersonate.
Description:
With both the GUI and the API, a user must be created in the subtenant to manage it directly. In some cases, customers that have their own subtenant do not want a parent tenant having an account in the environment. Modifying items directly with the API in different subtenants requires multiple credentials, and API keys need to be managed.
Impersonating a role into a subtenant could be a possibility, which could work from both a GUI and an API perspective, depending on the rights.
This has created a lot of issues for our team because we restrict subtenant permissions, so users created in the subtenant don't have the proper rights to pull some data (like instances). I've been forced to create a custom report plugin to do direct database queries then remove the report generated on a schedule.
We are adding administrating roles in subtenants from the master. Other items are ISO issues, and therefore probably would not make the platform. Is this what you had in mind?
Spoke with Korey and the multi-tenant role modification from the master is overall what he was posting about. Going to close this but others can create suggestions as needed.
Note: There are ISO restrictions on the type of data we can make available to the master tenant without direct accounts within the subtenants.