Some times vCloud Directors give the organization users grainy control over the the level of access users have to vApps , this is all controlled through the the vCloud API and powerCLI. The code below takes vApps‘ current settings and allow the user to modify the vApp:
# Get our required Objects
$vapp = Get-CIVApp “My vApp”
$user = Get-CIUser “UserToBeAdded”
# Access Level can be one of: ReadOnly,Change,FullControl
$accessLevel = “Change”
# Get current access policy from vApp
$access = $vapp.ExtensionData.GetControlAccess()
if (!$access.AccessSettings)
{
$access.AccessSettings = New-Object VMware.VimAutomation.Cloud.Views.AccessSettings
}
# New Access object
$newAccess = new-object VMware.VimAutomation.Cloud.Views.AccessSetting
$newAccess.Subject = New-Object VMware.VimAutomation.Cloud.Views.Reference
# Set our access level
$newAccess.AccessLevel = $accessLevel
# Insert user href
$newAccess.Subject.Href = $user.ExtensionData.Href
$newAccess.Subject.Type = “application/vnd.vmware.admin.user+xml”
# Add new access to vApp access settings object
$access.AccessSettings.AccessSetting += $newAccess
#Send new Access config
$vapp.ExtensionData.ControlAccess($access)
A user is also able to control the default access policyand the level-using:
$access.IsSharedToEveryone and $access–
