Symptom:
On APIC CLI, when viewing the deployed device cluster of a particular tenant, the CLI shows the deployed device cluster of all tenants, instead of just that particular tenant.

In the example below, the g003_admin user is configured with security domain with access to only the g003 tenant. The user can only view g003 tenant, but under the deployed-device-clusters folder/directory, this user can view the deployed device clusters for all tenants:
g003_admin@v6-apic2:~> whoami
g003_admin
g003_admin@v6-apic2:~> 
g003_admin@v6-apic2:~> cd aci 
g003_admin@v6-apic2:aci> cd tenants/
g003_admin@v6-apic2:tenants> 
g003_admin@v6-apic2:tenants> ls
common  g003  tenant.wiz
g003_admin@v6-apic2:tenants> 
g003_admin@v6-apic2:tenants> cd g003
g003_admin@v6-apic2:g003> cd l4-l7-services
g003_admin@v6-apic2:l4-l7-services> cd deployed-device-clusters/
g003_admin@v6-apic2:deployed-device-clusters> 
g003_admin@v6-apic2:deployed-device-clusters> ls
[uni--tn-g003--lDevVip-asav01_asav02]-[uni--tn-g003]-net01  [uni--tn-s009--lDevVip-ns01_ns02]-[uni--tn-s009]-net01
[uni--tn-g007--lDevVip-asa01]-[uni--tn-g007]-net01          summary
g003_admin@v6-apic2:deployed-device-clusters> 
g003_admin@v6-apic2:deployed-device-clusters> cat summary 
deployed-device-clusters:
name                   private-network  state    
---------------------  ---------------  ---------
uni/tn-g003/           net01            allocated
lDevVip-asav01_asav02                            
uni/tn-g007/           net01            allocated
lDevVip-asa01                                    
uni/tn-s009/           net01            allocated
lDevVip-ns01_ns02                                
g003_admin@v6-apic2:deployed-device-clusters>

Conditions:
Viewing deployed device clusters of a tenant from CLI.