We are a Service Provider and make extensive use of the Multi-tenancy features of R12.6. We have a tenant/sub-tenant setup which has worked successfully for some years that involves our company’s Analysts being defined in several different levels of the hierarchy (not just in the top-level “Service Provider” Tenant). For many of our Analysts their access to tenants is controlled by populating the Analyst’s Tenant Group on their Contact records.
We have just noticed a problem, that must have been present for a long time but the users never advised us, whereby the addition of any subtenants to a tenant that previously had no subtenants, results in the hiding of records from many of the upper tenants.
To try and explain our structure in a simplified form, we have:
Depth 0: Service Provider Tenant but not many Contacts and Groups
Depth 1: Tenant with most of our Contacts and Groups defined
Depth 2: not relevant to this discussion
Depth 3: Typical customer level
Depth 4: Irregularly used second level for customers
Using the above explanation of our structure, what is normal for us is that we have a customer at Depth 3 that has no subtenants and any ticket created in that tenant can see the Groups, etc from Depth 1 (as well as all those above and below) and it always shows the informational message “AHD05349:Selections restricted to service provider tenant DEPTH-0-TENANT-NAME or tenants allowed for tenant DEPTH-3-TENANT-NAME references”
What is causing us problems is if we add a sub-tenant to a Depth 3 tenant (obviously at Depth 4) and then create another ticket in the Depth 3 Tenant, we can only see Groups, etc from Depths 0 and 3 (but nothing in between) and the following message is shown: ”AHD05366:Selections restricted to tenants consistent with previous selections and service provider tenant DEPTH-0-TENANT-NAME”.
Interestingly tickets we then create in the new Depth 4 tenant will allow us to properly access the Groups, etc from all levels above, as you would expect. However the Depth 3 Tenant above is now unusable for us.
We have done some experimentation to take some levels out of the hierarchy but we keep getting the same issue with tickets created within the level with the second-highest depth.
We have tried using a Role that has the Tenant Group defined within the Role rather than using the Analyst’s Tenant Group off the Contact record but this does not work with manually-maintained Tenant Groups (which they must be because of different security being involved for different customers).
We are aware that r12.6 is no longer supported by CA.
We are obviously not in a hurry to restructure our tenants because what we have works perfectly 99% of the time but it would be a big help if someone knew of a fix that had been created for this issue or at the very least what the intention was behind the code that produces this “AHD05366:Selections restricted to tenants consistent with previous selections and service provider tenant DEPTH-0-TENANT-NAME” message.
Thanks in anticipation,