vCloud Director gives Organization users some granular control over what level of access users have to vApps, which can be controlled through the vCloud API and PowerCLI.
The following code grabs a vApp's current access settings, and allows a user to modify the vApp.
You can also control the default access policy, as well as the level using: $access.IsSharedToEveryone and $access.EveryoneAccessLevel !!!