HCX inventory visibility and migration access limitations in multi-tenant vCenter environments

Article ID: 439221


Updated On:

Products

VMware HCX

Issue/Introduction

In a multi-tenant vCenter environment where multiple customers or agencies share the same infrastructure, administrators may find that individual vCenter permissions are not honored within the HCX interface.

The following behaviors are observed in these environments:

  • Inventory Visibility: An end user who logs in to vCenter with limited permissions and is also part of the HCX Administrator role can view the entire target inventory, including resource pools and folders that they cannot access from a standard vSphere perspective.
  • Unintended Resource Access: When configuring migration jobs, users can select destination objects that were not intended for their specific organizational or tenant scope.

Environment

  • VMware HCX
  • VMware Cloud Foundation (VCF)

Cause

  • This is expected behavior and not a product defect. To populate the inventory, HCX is designed to use the service account credentials configured during registration on port 9443, rather than the credentials of the individual logged-in user.
  • Because this service account typically requires administrative privileges to perform migration tasks, it has broader visibility into the vCenter objects than a tenant user with restricted permissions.

Resolution

Because of this current product limitation, the service provider, rather than individual tenant users, manages migration activities to ensure proper isolation and resource management.
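
An added example, not part of the original article and not VMware code: a simplified Python model of the behavior described under Cause, listing for each member of the HCX Administrator role the objects HCX shows through the service account that lie outside that user's own vCenter permissions. The inventory, the principals (svc-hcx, alice, bob) and the permission model (a grant on an object, optionally propagated to children, with roles and group membership ignored) are assumptions constructed for illustration.

```python
# Added example: simplified model; every name and value below is constructed.
INVENTORY = {  # object -> parent object
    "dc1": None,
    "dc1/vm/TenantA": "dc1",
    "dc1/vm/TenantA/Prod": "dc1/vm/TenantA",
    "dc1/vm/TenantB": "dc1",
    "dc1/rp/TenantA-RP": "dc1",
    "dc1/rp/TenantB-RP": "dc1",
}
PERMISSIONS = [  # (principal, object, propagate to children)
    ("svc-hcx", "dc1", True),            # service account used at registration
    ("alice", "dc1/vm/TenantA", True),
    ("alice", "dc1/rp/TenantA-RP", True),
    ("bob", "dc1/vm/TenantB", True),
    ("bob", "dc1/rp/TenantB-RP", True),
]
SERVICE_ACCOUNT = "svc-hcx"
HCX_ADMINS = {"alice"}  # bob is a tenant user without the HCX Administrator role


def ancestors(obj, inventory):
    """Yield the parents of obj, walking up to the inventory root."""
    parent = inventory[obj]
    while parent is not None:
        yield parent
        parent = inventory[parent]


def visible(principal, inventory, permissions):
    """Objects the principal has a grant on, directly or via a propagating ancestor."""
    direct = {o for p, o, _ in permissions if p == principal}
    inherited = {o for p, o, prop in permissions if p == principal and prop}
    return {obj for obj in inventory
            if obj in direct or any(a in inherited for a in ancestors(obj, inventory))}


def hcx_exposure(inventory, permissions, hcx_admins, service_account):
    """Per HCX admin: objects in the service-account view but outside their vSphere scope."""
    hcx_view = visible(service_account, inventory, permissions)
    return {user: sorted(hcx_view - visible(user, inventory, permissions))
            for user in sorted(hcx_admins)}


if __name__ == "__main__":
    report = hcx_exposure(INVENTORY, PERMISSIONS, HCX_ADMINS, SERVICE_ACCOUNT)
    for user, objs in report.items():
        print(f"{user}: selectable in HCX but outside vSphere scope: {objs}")
```

A non-empty list for a tenant user means that user can pick destinations belonging to another tenant when configuring a migration job.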