@olympicgreg Hello! And thanks for your feedback on the ACL subject. I note this on our XO-6 next features, so we will discuss on it and see what we can improve. Indeed the ACL subject is quite not trivial and we keep on working on it. Have a good day and don't hesitate to give us feedbacks on XO features.

Hi @olympicgreg, this seems to be the intended behaviour. Self Service and ACLs weren't designed to work together, so when you create a VM, you either do it under the Self Service feature or thanks to the ACLs you have. So in your case, the user might have Viewer ACLs on the pool, but since they create the VM using Self Service, they will only be able to see the resources available in the Self Service resource set. Regarding ACLs, "Viewer" is not enough to be able to create a VM on the pool. But if you change it to "Admin", you'll see that the user is now able to create a VM outside of the Self Service feature, simply by selecting the pool. And in that case, they'll be able to see all the pool's networks.