Multicloud platforms may have a hierarchy of tenants in a tree structure. These tenants can have their own scope hierarchy with multiple levels.
An example of a hierarchy of tenants could be a chain of retail stores with a head office and regional offices, as well as the stores themselves. The head office may manage the regional offices, and the regional offices may manage the stores. The IT department in the head office and the IT department in the regional office may both share VM templates with the stores.
Tenant hierarchy example
You can use tenant scopes to:
- Create restricted sets of resources for administrators
- Share resources with a group of tenants and an optional tenant hierarchy
The following diagram shows an example of a tenant scopes that are in a hierarchy. The hierarchy contains the following scopes:
- Multinational scope
- Reseller1 scope
- Customer1 scope
- Dept1 scope
Manage enterprises in scope
When an enterprise is in your user scope, you can manage the enterprise and its users and resources such as VM templates, depending on your user role and privileges.
An administrator with the Customer1 scope would manage the enterprises:
Share resources to enterprises in a scope beneath your scope
When an enterprise is in a scope beneath your scope, you can share resources with the users of the enterprise. For example, you can share VM templates and configuration blueprints.
- An administrator with the Multinational scope could share templates and blueprints with users in all of the enterprises.
- An administrator with the Resellerl1 scope could share to the enterprises in the scopes beneath their scope, which means the Customer1 scope and the optional Dept1 scope.
How to create a scope hierarchy
To create a scope hierarchy:
- Create the top level scope, and set the Global scope as its parent
- Add the enterprise in the top level scope
- Create the second level scope and set the parent scope to be the top level scope
- Add the enterprise to the second level scope
- Continue to the next scope level, assign the parents
- Add the enterprise
Continue to create scopes and add enterprises for the rest of the hierarchy
For the above example
- Create the "Multinational" scope and set the Global scope as its parent
- Add the enterprise ("Multinational").
- Create the "Reseller1" scope. Set the parent scope of the "Reseller1" scope to"Multinational".
- Add the enterprise ("Reseller1").
- Next create the next scope "Customer1" and set its parent scope as "Reseller1".
- Then add the enterprises ("Customer1" and "Unit1 and Unit2"...)
- You can also create the Dept1 scope or allow your customers to create their own sub scopes
An administrator does not need to have their own enterprise in scope. In this case they will still be able to access the Apps library but they won't be able to edit the public cloud credentials or manage users.
Configure a reseller
The reseller enterprise can provide public cloud credentials to customers. And the reseller will receive aggregate billing reports for customers. In the above example, "Customer1" would be a reseller in its scope and scope hierarchy.
To mark a reseller:
- Edit the tenant that represents reseller, at the top of the scope hierarchy
- Set the Reseller1 scope as the default scope for the enterprise. This will be the scope where the enterprise is the reseller
- The platform will also apply the default scope to new users in this enterprise
- Select the reseller option
This tenant will be marked with a (R) in the tenant list, indicating that the enterprise is a reseller.
Configure a key node at the top of the customer hierarchy for data aggregation
The enterprise at the top of a customer hierarchy can be set as the key node for data aggregation. In the above example, "Customer1" would be a key node in its scope and scope hierarchy.
To mark a key node:
- Edit the tenant that represents the head office or equivalent, at the top of its scope hierarchy (Unit1, Unit2 are in the same scope, and Dept1 is in a lower scope)
- Set the top level scope as the default scope for the enterprise. This will be the scope where the enterprise is the key node
- The platform will also apply the default scope to new users in this enterprise, but you can edit this scope, for example, to set a scope with only the user's enterprise
- Select the Key node option
A key node tenant will be marked with a (K) in the tenant list.
For more information about scopes see: