Each access level supported by VMware Cloud Director grants one or more users a specific set of rights to an object.

VMware Cloud Director access levels are similar to roles in that they give a name to a set of rights. When you apply an access control to an object, you grant one or more users in your organization a set of rights to the object. Access rights are additive. You can make an object more accessible to users who have limited rights, but you cannot to restrict the rights that a user may already have. For example, an organization administrator retains full control of an object even if you apply ReadOnlyaccess rights to it for all organization members. For example, a Virtual Infrastructure Administrator retains full control of an object even if you apply ReadOnlyaccess rights to it for all organization members.

Table 1. Access Levels and the Rights They Grant
FullControl Change ReadOnly
Catalog: Add vApp from My Cloud X X
Catalog: Change Owner X
Catalog: VCSP Publish Subscribe X X
Catalog: Edit Properties X X
Catalog: Publish X X
Catalog: View Private and Shared Catalogs X X X
Catalog: View Published Catalogs X X X
vApp Template or Media: Copy X X X
vApp Template or Media: Create or Upload X X
vApp Template or Media: Edit X X
vApp Template or Media: View X X X
vApp Template: Checkout (Add to My Cloud) X X X
vApp Template: Download X X X
vApp: Change Owner X
vApp: Copy X X X
vApp: Create or Reconfigure X
vApp: Delete X
vApp: Edit Properties X X
vApp: Edit VM CPU X X
vApp: Edit VM Hard Disk X X
vApp: Edit VM Memory X X
vApp: Edit VM Network X X
vApp: Edit VM Properties X X
vApp: Manage VM Password Settings X
vApp: Power Operations X X
vApp: Sharing X
vApp: Use Console X X X