After creating new Tenants, the Collections from one Tenant are visible in the new Tenant.
Users in one Tenant can see the Collections from another Tenant.
This problem was introduced in the new TADCo (Tenant Agnostic Data Collector) functionality. The problem may be observed in the r2.8 release that included this new feature set.
The steps taken that result in this problem being observed are as follows:
- Create a few new Tenants. For example lets say we create two new Tenants, one named Coca-Cola and one named Pepsi.
- In the Default Tenant create a few new users. In the "Access Permission" phase of user creation select "Collections", "Groups" and "Inventory" (Defined Tenants->...) from a different Tenant for each user.
- Administer each new Tenant; Go to Administration->Groups; Add a new custom Collection under "Collections"
- Notice that the custom Collection created on a Tenant can now be viewed by users within other Tenants (Administration->Monitored Devices).
This behavior is not the intended functionality. A Tenant should only allow access/view to Collections created within itself.
Two paths to resolve this are available.
- Install or upgrade to the r3.0 release for a code change that resolves this problem.
- Request the fix for defect DE57632 from the CA Performance Manager product Support team. To do so open a new Support Case and reference this Knowledge Base Article.
To apply the fix from defect DE57632 complete the following:
- Set CleanupCustomMonitoredGroupVisibilityOnFullSync to true on the Data Aggregator element item via REST as follows:
- Find the Item ID of the Data Aggregator via REST using a GET at the URL:
http://<DA host>:<DA port>/rest/ dataaggregator
- Set the attribute value to true using a PUT in REST via the URL:
http://<DA host>:<DA port>/rest/ dataaggregator/<Data_Aggregator_ID>
- Use the following XML in the body:
- Perform a full synchronization on the Data Aggregator
Validate the fix using the following tests:
- Go to the CA Performance Manager web UI, Administer each Tenant impacted by the issue before the fix was installed. They should only show custom Collections created within the Tenant itself and none from other Tenants.
- Create more Users and Collections under different Tenants. Verify that the Tenant can only see custom Collections created within itself.