u/Abject_Plant8234

▲ 2 r/Citrix

CSP DAAS Multi Tennant Permission issues with Citrix Policy

Is anyone running into issues with newer multi-tenant deployments? It doesn’t appear that there’s a way to scope Citrix policies to a specific tenant. As a result, tenant-only administrators can see and update all policies across the entire multi-tenant environment.

This creates a significant security and operational risk. Based on the documentation I’ve reviewed, there doesn’t seem to be a workaround for this limitation.

Has anyone come up with a creative solution? At the moment, I can’t use tenant administrator roles because they provide cross-account visibility and management, which isn’t acceptable for our use case.

reddit.com
u/Abject_Plant8234 — 11 days ago