Group‑Level Dependency for “Instances” Field in Forms to Prevent Unauthorized Visibility

Hello Morpheus Support Team,

in our environment we are using Forms → Type: Instances to let users select an existing instance as part of a workflow Catalog Item. Currently, the dependent fields for the Instances selector appear to be limited to Cloud only.

• When a user chooses a cloud, the Instances drop‑down lists all instances in that cloud, even those the user cannot actually access (because they belong to other Groups).
• This inadvertently exposes instance names and details that the user should not see.

For our use‑case it would be far more secure and intuitive if the Group could also be configured as a dependency, so that the Instances list is filtered to the requester’s own scope.

Questions

1. Does Morpheus currently support adding Group as a dependency for the Instances form field, and I might just be overlooking it?
2. If not, is this enhancement already on the roadmap, and could you share any timeline or workaround?
3. In the meantime, is there a recommended best‑practice to restrict the Instances list so users cannot view instances outside their permitted Groups?

Thank you for your help! If you need any further information about our setup, I will gladly provide it.

Best regards,
Marvin

Had a quick look at this. I can’t decide if this is a bug or not. I suspect the instances control should be made to respect group ownership but that would require the ability to link group as dependent field - an option which as you say is not there so maybe it is not a bug.

Perhaps add as an idea in this forum?

A work around would be to use the API to build a REST option list, and use a translation script or request script to include only instances which match the group and cloud id selected in the two previous controls. That would work.