Users with "View Shared Catalogs from Other Organizations" permission can see internally shared catalogs in Cloud Director

Article ID: 419443


Updated On:

Products

VMware Cloud Director

Issue/Introduction

In Cloud Director, users assigned a custom role that includes the "View Shared Catalogs from Other Organizations" permission can see catalogs that are shared internally with other specific users within the same organization.

This permission is only intended to grant visibility to catalogs shared from an external organization to the user's organization.

Example Scenario:

  1. Org1 shares "External Catalog" with Org2.
  2. A user in Org2 ("User A") is given the "View Shared Catalogs from Other Organizations" permission. User A can correctly see "External Catalog."
  3. An administrator in Org2 shares a separate "Internal Catalog" only with "User B" and "User C" (who are also in Org2).
  4. Issue: "User A" can also see "Internal Catalog," even though it was not shared with them and is not from an external organization.

Note: User A is unable to edit the catalog.

Environment

Cloud Director 10.6.1

Cause

This behavior is caused by a logic gap in Cloud Director 10.6. The "View Shared Catalogs from Other Organizations" permission check incorrectly evaluates all shared catalogs, including those shared internally between users in the same organization, rather than limiting its scope to only catalogs shared from external organizations.
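The scope difference described above can be modelled to list which user and catalog pairs are exposed in a given tenant. The following is an added example, not Cloud Director code or API output: the inventory is constructed from the article's scenario, the role names and data layout are hypothetical, and visibility is simplified to explicit shares only (catalog owners and organization administrators are ignored).

```python
# Added example: simplified model, not Cloud Director code or API output.
RIGHT = "View Shared Catalogs from Other Organizations"

# Constructed inventory mirroring the article's example scenario.
ROLE_RIGHTS = {"Custom Role": {RIGHT}, "Standard Role": set()}  # hypothetical role names
USERS = [
    {"name": "User A", "org": "Org2", "role": "Custom Role"},
    {"name": "User B", "org": "Org2", "role": "Standard Role"},
    {"name": "User C", "org": "Org2", "role": "Standard Role"},
]
CATALOGS = [
    {"name": "External Catalog", "org": "Org1",
     "shared_orgs": {"Org2"}, "shared_users": set()},
    {"name": "Internal Catalog", "org": "Org2",
     "shared_orgs": set(), "shared_users": {"User B", "User C"}},
]


def has_right(user):
    return RIGHT in ROLE_RIGHTS[user["role"]]


def intended_visible(user, cat):
    """Intended scope: the right only covers catalogs shared from another org."""
    if cat["org"] == user["org"]:
        return user["name"] in cat["shared_users"]
    return has_right(user) and user["org"] in cat["shared_orgs"]


def observed_visible(user, cat):
    """Behaviour the article reports: the right also matches internal shares."""
    internal_share = cat["org"] == user["org"] and bool(cat["shared_users"])
    return intended_visible(user, cat) or (has_right(user) and internal_share)


def unintended_exposure(users, catalogs):
    """(user, catalog) pairs visible only because of the over-broad check."""
    return sorted(
        (u["name"], c["name"])
        for u in users for c in catalogs
        if observed_visible(u, c) and not intended_visible(u, c)
    )


if __name__ == "__main__":
    for user, catalog in unintended_exposure(USERS, CATALOGS):
        print(f"{user} can view {catalog} without being on its share list")
```

Replacing the constructed inventory with an export of role assignments and catalog sharing settings gives the list of internally shared catalogs to review while the permission remains assigned.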

Resolution

There is no viable workaround that allows for the use of the "View Shared Catalogs from Other Organizations" permission while also preventing this incorrect visibility of internally shared catalogs.

Broadcom is aware of this issue and plans to fix it in a future release. Please subscribe to the article for updates.