How to Grant user access to a specific ovdc in an org that contains multiple ovdc
search cancel

How to Grant user access to a specific ovdc in an org that contains multiple ovdc

book

Article ID: 380872

calendar_today

Updated On:

Products

VMware Cloud Director

Issue/Introduction

With Cloud Director, an org can have multiple OVDC, below are sample instructions on how to grant a specific user/group access to a specific OVDC

Environment

VMware Cloud Director 10.x

Resolution

An org admin can see all OVDC in the org. 
in order to restrict user access to a specific ovdc, the user role needs to be excluded from "Allow Access to All Organization VDCs" right and it must include the right "Edit Access Control List of Organization VDCs Implies Rights (1): View Access Control List of Organization VDCs"

now navigate to https://{{vcd_FQDN}}/tenant/{{org}}

Click on one of the ovdc where the user should be granted access to and then navigate to sharing, Edit and add the user in question here. 
Note: The access level "read only" is just an ACL and does not determine the actual permissions on the org. The right depends on the role assigned to the user.

Now log in to the tenant portal as the user and the user sees only that specific ovdc.

Additional Information

If the user role does not contain right:  "Edit Access Control List of Organization VDCs Implies Rights (1): View Access Control List of Organization VDCs" then the user will not have permission to create vApps or vms (options grayed out) in the ovdc although his role is granted the permission.