The Orchestrator multitenancy feature provides a certain level of isolation between tenants.

After enabling multitenancy, the objects that Orchestrator manages split into a system scope and a tenant-specific scope. These objects are workflows, actions, packages, configurations, categories, policies, policy templates, tasks, workflow runs, and others.

System Scope

System scope is the semantic space that holds all the Orchestrator content that is shared between all tenants. The system content includes the following items:

  • All objects included in the default Orchestrator plug-ins.

  • Custom objects created before enabling the multitenancy feature.

  • Objects created by the vRealize Automation system administrator.

  • Predefined automation content (workflows, actions and other) that are managed by the system tenant and available for reading and invoking by all non-system tenants.

Tenants have a read-only access to this content and cannot create, modify, or delete any system-scope objects.

Tenant-Specific Scope

Tenant-specific objects are associated with the tenant that created them. These objects can be workflows, actions, policies, policy templates, resources and others. Tenants can edit or delete content if they created it. They can run and view system content and their own tenant-specific content.

Tenants cannot view, edit, or delete system scope objects or objects created by other tenants.

Orchestrator Plug-Ins in a Multitenant Environment

vRealize Orchestrator 7.4 does not support multitenancy of the Orchestrator plug-ins and plug-in inventory objects. Objects that belong to the plug-in inventory are a part of the system scope.


Objects, such as endpoints and inventory items, that you create by running workflows from the plug-in library are visible and accessible by all tenants.

Resource Allocation

The Orchestrator server resources, such as CPU, memory, storage, network bandwidth, database space, maximum number of workflow runs, thread pools, and others are shared between all tenants. If one of the tenants reaches the limit of the allocated resources, all other tenants that use the same Orchestrator instance are affected.


The security isolation between tenants in vRealize Orchestrator 7.4 uses the system administrator and tenant administrator user roles as they are defined in vRealize Automation. For more information about user roles in vRealize Automation, see User Roles Overview in Preparing and Using Service Blueprints in vRealize Automation.


The vRealize Automation system administrator must be a member of the Orchestrator administrators group that you enter in the Admin group text box when you configure the authentication provider in Control Center.

User permissions that are configurable from the Orchestrator client do not correspond to any of the vRealize Automation user roles. You must configure them explicitly for a particular user or a group. For more information about setting user permissions, see Using the VMware vRealize Orchestrator Client.