An administrator or the vApp owner can use the controlAccess links in a VApp element to grant or restrict access to the vApp.

A vApp initially grants full access to its owner and no access to other users. The vCloud API access control mechanism enables a Virtual Infrastructure Administrator to retrieve or update vApp access controls to add or remove rights for all users, or for individual users. For a general discussion of access controls in vCloud Director, see Controlling Access to vApps and Catalogs.

Verify that you are logged in to the vCloud API endpoint as a Virtual Infrastructure Administrator or the End User who owns this object.

1

Retrieve the XML representation of the vApp.

Use a request like this one:

GET https://vcloud.example.com/api/vApp/vapp-7
2

Examine the VApp element to find the controlAccess links that it contains.

3

Create a ControlAccessParams element request body that specifies the details of the update.

4

POST the ControlAccessParams element to the action/controlAccess link that you retrieved in Step 1.

This request updates the access controls of a vApp to grant full control to one user and read-only access to another user. The request body, a ControlAccessParams element, specifies a value of false for the IsSharedToEveryone element, and contains an AccessSetting element for each user whose access rights are being modified. Each user is identified by a reference to a User object. The response, a subset of which appears in this example, echoes the request.

Request:

POST https://vcloud.example.com/api/vApp/vapp-7/action/controlAccess
Content-Type: application/vnd.vmware.vcloud.controlAccess+xml
...
<?xml version="1.0" encoding="UTF-8"?>
<ControlAccessParams
   xmlns="http://www.vmware.com/vcloud/v1.5">
   <IsSharedToEveryone>false</IsSharedToEveryone>
   <AccessSettings>
      <AccessSetting>
         <Subject
            type="application/vnd.vmware.admin.user+xml"
            href="https://vcloud.example.com/api/admin/user/40"/>
         <AccessLevel>FullControl</AccessLevel>
      </AccessSetting>
      <AccessSetting>
         <Subject
            type="application/vnd.vmware.admin.user+xml"
            href="https://vcloud.example.com/api/admin/user/45"/>
         <AccessLevel>ReadOnly</AccessLevel>
      </AccessSetting>
   </AccessSettings>
</ControlAccessParams>

Response:

200 OK
Content-Type: application/vnd.vmware.vcloud.controlAccess+xml
...
<ControlAccessParams
   xmlns="http://www.vmware.com/vcloud/v1.5">
   <IsSharedToEveryone>false</IsSharedToEveryone>
   <AccessSettings>
      ...
   </AccessSettings>
</ControlAccessParams>