The private cloud in my lab is fairly simple in layout – 2 RHEL cells with a vCNS load balancer, shared NFS server and DB server. The Organisations are provisioned such that of the 3 tenants, one is a master tenant that is only used for creating and maintaining vApp templates, via a Public Catalog for sharing the templates for cloud provisioning and vCAC blueprint testing.
Running this configuration in with no changes to the default vCloud Director (vCD) roles worked fine – delegated LDAP users in the 2 user organisations were able to select vApp templates from the Public Catalog and deploy them locally. All good.
The issue came when the cells for vCD were upgraded to the latest v5.5.1 build. All of a sudden – vApp Author users out of the box could not see the public catalog despite having the role description ‘Rights given to a user who uses catalogs and creates vApps’.
After much digging and testing, I found that during the upgrade, the default permissions for the pre-defined roles in vCD had changed. Prior to the 5.5.1 update, the specific permission ‘View Shared Catalogs from Other Organisations’ was checked by default, so users with this role had this permission by default. Post-5.5.1 upgrade, this had been removed.
Solution. Simple enough – log in to the vCD instance as a System Administrator user, select ‘Administration > Roles’. Edit the vApp Author role, and open ‘All Rights > Catalog’. Check the box next to: ‘View Shared Catalogs from Other Organisations’. Click OK and return to vCD.
All the assigned users who have this permission will be updated in global fashion, but those already logged-in to the vCD portal may need to re-authenticate to obtain the new permission settings.