If you are an administrator or catalog owner, you can use the controlAccess links in your organization to grant or restrict access to a catalog.

A catalog initially grants full access to its owner and no access to other users. An administrator or the catalog owner can use the vCloud API access control mechanism to view or modify catalog access controls. For a general discussion of access controls in vCloud Director, see Controlling Access to vApps and Catalogs.

1

Retrieve the XML representation of the organization that contains the catalog.

Use a request like this one:

GET https://vcloud.example.com/api/org/26
2

Examine the Org element to find the controlAccess links for the catalogs that it contains.

These links have the following form:

<Link
   rel="down"
   type="application/vnd.vmware.vcloud.controlAccess+xml"
   href="https://vcloud.example.com/api/org/id/catalog/id/controlAccess/"/>
<Link
   rel="controlAccess"
   type="application/vnd.vmware.vcloud.controlAccess+xml"
   href="https://vcloud.example.com/api/org/id/catalog/id/action/controlAccess/"/>
Note

The controlAccess links for catalogs are not returned in the AdminOrg response when you retrieve the organization in the admin view.

3

Create a ControlAccessParams element request body that specifies the details of the update.

4

POST the ControlAccessParams element to the action/controlAccess link for the catalog.

This request updates the access controls of a catalog to grant full control to one user and read-only access to another user. The request body, a ControlAccessParams element, specifies a value of false for the IsSharedToEveryone element, and contains an AccessSetting element for each user whose access rights are being modified. Each user is identified by a reference to a User object. See User and Group Administration. The response, a subset of which appears in this example, echoes the request.

Request:

POST https://vcloud.example.com/api/org/9/catalog/32/action/controlAccess
Content-Type: application/vnd.vmware.vcloud.controlAccess+xml
...
<?xml version="1.0" encoding="UTF-8"?>
<ControlAccessParams
   xmlns="http://www.vmware.com/vcloud/v1.5">
   <IsSharedToEveryone>false</IsSharedToEveryone>
   <AccessSettings>
      <AccessSetting>
         <Subject
            type="application/vnd.vmware.admin.user+xml"
            href="https://vcloud.example.com/api/admin/user/40"/>
         <AccessLevel>FullControl</AccessLevel>
      </AccessSetting>
      <AccessSetting>
         <Subject
            type="application/vnd.vmware.admin.user+xml"
            href="https://vcloud.example.com/api/admin/user/45"/>
         <AccessLevel>ReadOnly</AccessLevel>
      </AccessSetting>
   </AccessSettings>
</ControlAccessParams>

Response:

200 OK
Content-Type: application/vnd.vmware.vcloud.controlAccess+xml
...
<ControlAccessParams
   xmlns="http://www.vmware.com/vcloud/v1.5">
   <IsSharedToEveryone>false</IsSharedToEveryone>
   <AccessSettings>
      ...
   </AccessSettings>
</ControlAccessParams>