Assigning tenant to certificates prevents users from viewing the certificate in certificate manager

Hey guys,

We hit a snag today with the latest and greatest 3.15 release. We’re doing hybrid (tenanted/untenanted) deployments and noticed that when checking “Include in both tenanted and un-tenanted deployments” on a certificate and then assigning a tenant it, our users are no longer able to view that certificate in certificate manager and get an error saying that they’re missing CertificateView permission. However, they can still assign it to variables.

We tried a number of things to resolve this.

  1. We attempted to remove tenant from certificate’s tenant filter, hoping that no tenant in the filter will make the certificate available to all tenants. This didn’t work. Our tenanted deployments started failing because OD couldn’t find the cert assigned to the variable.

  2. We put the tenant back into certificate’s tenant filter and tried assigning that same tenant to the team’s otherwise empty tenants filter. Still, nobody on the team, except for admins, could view the certificate in certificate manager.

  3. Finally we tried assigning Certificate Manager role non-admin users and oddly this still didn’t work.

Is this a bug or are we missing something in the settings?


Hi Serge,

I’m sorry to hear you’re having some difficulties with certificates and tenant permissions.

I was not able to replicate your scenario. I must be missing a piece of the puzzle.
To help us replicate the problem, could you please supply the following:

  • A list of the teams the user is a member of, and a screenshot of each team showing their roles and scopes
  • An export of the permissions for the user
  • A screenshot of one of the certificiates, showing it’s Settings tab

Hopefully this will reveal the problem.