After removing a custom or third-party plug-in from VMware Cloud Director (VCD) that created a new set of rights, the custom list of rights added by the plug-in are still visible in the roles and rights bundles.

VMware Cloud Director 10.6.x

This issue can occur if, as a part of the uninstallation of the custom or third-party plug-in, the custom rights are not automatically removed as a part of the uninstallation process.

To remove stale custom rights from Cloud Director, delete the rights via the API.

1. Take a backup of Cloud Director as per Backup and Restore of Your VMware Cloud Director Appliance.
2. Log into the VCD API service as per How to establish an API connection VMware Cloud Director.
3. Use the query service to identify the references for the custom rights by filtering using each of the rights' names:
   
   curl --location 'https://vcd.example.com/api/query?type=right&filter=(name==custom right name)' \
--header 'Accept: application/*+xml;version=39.0' \
--header 'Authorization: Bearer <authorization token>'
   
   
4. For the rights you want to remove, perform a DELETE API call against the reference link for each of the custom rights:
   
   curl --location --request DELETE 'https://vcd.example.com/api/admin/right/########-####-####-####-############' \
--header 'Accept: application/*+xml;version=39.0' \
--header 'Authorization: Bearer <authorization token>'

For more information, see VMware Cloud Director API - DELETE-Right.