By defining access control rules you can assign levels of access to separate users, user groups, or everyone in the organization. You can define access control rules for catalogs and vApps.

Verify that you are connected to a vCloud Director server.


Create a new rule for accessing the vApp named MyVApp.

New-CIAccessControlRule -Entity 'MyVApp' -EveryoneInOrg -AccessLevel "Read"

All users in the organization have read-only access to the vApp.


Modify the access rule for a trusted user who needs full control over MyVApp.

New-CIAccessControlRule -Entity 'MyVApp' -User "MyAdvancedUser" -AccessLevel "FullControl"

Restrict the full control access of MyAdvancedUser to read/write access.

$accessRule = Get-CIAccessControlRule -Entity 'MyVApp' -User 'MyAdvancedUser'
$accessRule | Set-CIAccessControlRule -AccessLevel "ReadWrite"

Remove the custom rule that you created earlier for MyAdvancedUser.

$accessRule | Remove-CIAccessControlRule