The purpose of that feature is to segregate nodes in different zones (tenants) so that users can only see a subset of nodes.

In Rudder 8.1, the goal of the feature is to be able to give read-only access to a subset of nodes to some users so that they can see policy errors on these nodes without seeing other node information.

In Rudder 8.1, policies are not limited by tenants. Only users with read-only rights should be used in conjunction with tenants.

How to use

  • 1/ Define available tenants

A tenant define the name of zone that can be assigned to nodes. In the UI, you can add or remove tenants from the list of available tenants:


  • an identifier for the tenants: it’s the value that will be used in nodes and users. A tenant identifier must be composed of alpha-numeric or hyphen limited ASCII characters.

  • a name, which is a human readable name used to describe the tenant,

  • a documentation, which is a markdown text documentation for the tenant.

  • 2/ Assign users to tenants

Tenants can be assigned to user and API accounts.

Users can have a new tenants attribute in rudder-users.xml. That element takes a comma separated list of string as value, where each string is one tenant identifier.

API accounts can be assigned to tenants in the API account UI.

  • 3/ Assign nodes to tenants

In Rudder 8.1, the assignation of nodes to tenants is done via API. See :

← GLPI Node external reports →