An administrator or the vApp owner can use the controlAccess links in a VApp element to grant or restrict access to the vApp.

A vApp initially grants full access to its owner and no access to other users. The vCloud API access control mechanism enables an administrator to retrieve or update vApp access controls to add or remove rights for all users, or for individual users. For a general discussion of access controls in vCloud Director, see Controlling Access to vApps and Catalogs.

Prerequisites

Verify that you are logged in to the vCloud API as an administrator or the object owner.

Procedure
1

Retrieve the XML representation of the vApp.

Use a request like this one: 

GET https://vcloud.example.com/api/vApp/vapp-7
2

Examine the VApp element to find the controlAccess links that it contains.

3

Create a ControlAccessParams element request body that specifies the details of the update.

4

POST the ControlAccessParams element to the action/controlAccess link that you retrieved in Step 1.

Example: Update vApp Access Controls

This request updates the access controls of a vApp to grant full control to one user and read-only access to another user. The request body, a ControlAccessParams element, specifies a value of false for the IsSharedToEveryone element, and contains an AccessSetting element for each user whose access rights are being modified. Each user is identified by a reference to a User object. See User and Group Administration. The response, a subset of which appears in this example, echoes the request.

Request: 

POST https://vcloud.example.com/api/vApp/vapp-7/action/controlAccess
Content-Type: application/vnd.vmware.vcloud.controlAccess+xml
...
<?xml version="1.0" encoding="UTF-8"?>
<ControlAccessParams
   xmlns="http://www.vmware.com/vcloud/v1.5">
   <IsSharedToEveryone>false</IsSharedToEveryone>
   <AccessSettings>
      <AccessSetting>
         <Subject
            type="application/vnd.vmware.admin.user+xml"
            href="https://vcloud.example.com/api/admin/user/40"/>
         <AccessLevel>FullControl</AccessLevel>
      </AccessSetting>
      <AccessSetting>
         <Subject
            type="application/vnd.vmware.admin.user+xml"
            href="https://vcloud.example.com/api/admin/user/45"/>
         <AccessLevel>ReadOnly</AccessLevel>
      </AccessSetting>
   </AccessSettings>
</ControlAccessParams>

Response: 

200 OK
Content-Type: application/vnd.vmware.vcloud.controlAccess+xml
...
<ControlAccessParams
   xmlns="http://www.vmware.com/vcloud/v1.5">
   <IsSharedToEveryone>false</IsSharedToEveryone>
   <AccessSettings>
      ...
   </AccessSettings>
</ControlAccessParams>