Controlling Access to VDC Templates

Upon creation, a VDC template is not accessible to any organization in the system. To enable organizations to create VDCs from a template, a system administrator must use the VMware Cloud Director API access control mechanism to grant those organizations ReadOnly access to the template, and must also grant organization members rights to view and instantiate VDC templates.

A system administrator can make a request similar to the ones described in Controlling Access to vApps and Catalogs to control access to VDC templates.
Important: The rights to view and instantiate VDC templates are restricted to the system administrator by default. The system administrator must explicitly grant those rights to organization members or roles to enable use of VDC templates in an organization.

Prerequisites

This operation is restricted to system administrators.

Procedure

  1. Retrieve the XML representation of the VDC template to find its controlAccess link.
    Use a request like this one:
    GET https://vcloud.example.com/api/admin/extension/VdcTemplate/100
    The controlAccess link has the following form:
    <vcloud:Link
       rel="controlAccess"
       href="https://vcloud.example.com/api/admin/extension/vdcTemplate/100/action/controlAccess"
       type="application/vnd.vmware.vcloud.controlAccess+xml"/>
  2. Create a ControlAccessParams request body that grants ReadOnly access to the organizations that you want to have access to the template .
    The only AccessLevel that you can grant for a VdcTemplate is ReadOnly. You cannot set IsSharedToEveryone to true.
  3. POST the ControlAccessParams request body to the link you retrieved in Step 1.

Results

A link to the specified VDC template is returned in the vdcTemplates list of those organizations to which access was granted. See Create a VDC from a Template

Example: Grant Access to a VDC Template

This request grants access to a VDC template to two organizations.

Request:
POST https://vcloud.example.com/api/admin/extension/vdcTemplate/100/action/controlAccess
Content-Type: application/vnd.vmware.vcloud.controlAccess+xml
...
<ControlAccessParams
   xmlns:vmext="http://www.vmware.com/vcloud/extension/v1.5"
   xmlns="http://www.vmware.com/vcloud/v1.5">
   <IsSharedToEveryone>false</IsSharedToEveryone>
   <AccessSettings>
      <AccessSetting>
         <Subject href="https://vcloud.example.com/api/org/5"></Subject>
         <AccessLevel>ReadOnly</AccessLevel>
      </AccessSetting>
      <AccessSetting>
         <Subject href="https://vcloud.example.com/api/org/26"></Subject>
         <AccessLevel>ReadOnly</AccessLevel>
      </AccessSetting>
   </AccessSettings>
</ControlAccessParams>

The response is a ControlAccessParams element.

Response:
200 OK
Content-Type: application/vnd.vmware.vcloud.controlAccess+xml
...
<ControlAccessParams
   xmlns:vmext="http://www.vmware.com/vcloud/extension/v1.5"
   xmlns="http://www.vmware.com/vcloud/v1.5" \>
   ...
</ControlAccessParams>