Use > Configuration Manager > Introduction > Introduction to Configuration Manager > Configuration Manager in a Multi-Tenant UCMDB Environment

Configuration Manager in a Multi-Tenant UCMDB Environment

While Configuration Manager itself does not support multi-tenancy, it can connect to a multi-tenant UCMDB environment.

To ensure that end users view UCMDB resources and CIs in a tenant-safe fashion, Configuration Manager should be set up in one of the following ways:

Configuration Manager for UCMDB Administration Only (Recommended)

In a multi-tenant UCMDB environment, Configuration Manager can function as the UCMDB administration tool. In this case, only administrators - who have permission to see all tenant-related information - can define configuration policies and/or track changes, while end-users with permissions associated with a specific tenant can view the resources to which that tenant is assigned, through the UCMDB Browser module.

This is achieved as follows:

  • Policies are defined in Configuration Manager, and can be consumed by end-users in a tenant-safe way through the UCMDB Browser module.

    A view defined in UCMDB to display data for all tenants can be managed in Configuration Manager and policies can be applied on top of the view. While administrators accessing the Configuration Manager UI can view the policy status for all CIs in this view, end-users accessing the UCMDB Browser module can consume only the policy status of those CIs that they are authorized to see.

  • In Configuration Manager, policies can be applied to tenant-specific CIs by specifying the tenant in the Owner Tenant attribute in the policy's filter. This ensures that the policy is applied only to CIs whose owner tenant is the specified tenant.

    Note You need to add the Managed qualifier to the Owner Tenant attribute in the CI Type Manager to make this attribute visible in the Configuration Manager attribute filter.

Configuration Manager for End-User Functionality

In a multi-tenant UCMDB environment, when all end users have direct access to the Configuration Manager UI, views managed in Configuration Manager must contain tenant-specific data, and access to these views must be configured to be limited to the tenants associated with the users' permissions for these views.

While this option enables all end-users to access Configuration Manager, it requires configuration and maintenance of each individual view, per the relevant tenant.