If you are an administrator or catalog owner, you can use a catalog's controlAccess links to grant or restrict access to the catalog.

A catalog initially grants full access to its owner and no access to other users. An administrator or the catalog owner can use the VMware Cloud Director API access control mechanism to view or modify catalog access controls. For a general discussion of access controls in VMware Cloud Director, see Controlling Access to vApps and Catalogs.

Note: Starting with VMware Cloud Director API version 39.0, /api/catalog/id/controlAccess returns OpenAPI href attribute values for subject in the responses. The POST request payload accepts either legacy href or OpenAPI href.

Procedure

  1. Retrieve the XML representation of the catalog.
    Use a request like this one: 
    GET https://vcloud.example.com/api/catalog/id
  2. Examine the Catalog response to find the controlAccess links that it contains.
    These links have the following form: 
    <Link
   rel="down"
   type="application/vnd.vmware.vcloud.controlAccess+xml"
   href="https://vcloud.example.com/api/catalog/id/controlAccess/"/>
<Link
   rel="controlAccess"
   type="application/vnd.vmware.vcloud.controlAccess+xml"
   href="https://vcloud.example.com/api/catalog/id/action/controlAccess/"/>
  3. Create a ControlAccessParams element request body that specifies the details of the update.
  4. POST the ControlAccessParams element to the action/controlAccess link for the catalog.

Example: Update Catalog Access Controls

This request updates the access controls of a catalog to grant full control to one user and read-only access to another user. The request body, a ControlAccessParams element, specifies a value of false for the IsSharedToEveryone element, and contains an AccessSetting element for each user whose access rights are being modified. Each user is identified by a reference to a User object. See User and Group Administration. The response, a subset of which appears in this example, echoes the request.

Request: 
POST https://vcloud.example.com/api/org/9/catalog/32/action/controlAccess
Content-Type: application/vnd.vmware.vcloud.controlAccess+xml
...
<?xml version="1.0" encoding="UTF-8"?>
<ControlAccessParams
   xmlns="http://www.vmware.com/vcloud/v1.5">
   <IsSharedToEveryone>false</IsSharedToEveryone>
   <AccessSettings>
      <AccessSetting>
         <Subject
            type="application/vnd.vmware.admin.user+xml"
            href="https://vcloud.example.com/api/admin/user/40"/>
         <AccessLevel>FullControl</AccessLevel>
      </AccessSetting>
      <AccessSetting>
         <Subject
            type="application/vnd.vmware.admin.user+xml"
            href="https://vcloud.example.com/api/admin/user/45"/>
         <AccessLevel>ReadOnly</AccessLevel>
      </AccessSetting>
   </AccessSettings>
</ControlAccessParams>
Response: 
200 OK
Content-Type: application/vnd.vmware.vcloud.controlAccess+xml
...
<ControlAccessParams
   xmlns="http://www.vmware.com/vcloud/v1.5">
   <IsSharedToEveryone>false</IsSharedToEveryone>
   <AccessSettings>
      ...
   </AccessSettings>
</ControlAccessParams>