During installation, Site Recovery Manager administrator rights are assigned to the vCenter Server administrator role. At this time, only vCenter Server administrators can log in to Site Recovery Manager, unless they explicitly grant access to other users.
About this task
To allow other users to access Site Recovery Manager, vCenter Server administrators must grant them permissions in the Site Recovery Manager interface. Permission assignments apply on a per-site basis. You must add corresponding permissions on both sites.
Site Recovery Manager requires permissions on vCenter Server objects as well as on Site Recovery Manager objects. To configure permissions on the remote vCenter Server installation, start another instance of the vSphere Client. You can change Site Recovery Manager permissions from the same interface on both sites after you connect the protected and recovery sites.
Site Recovery Manager augments vCenter Server roles and permissions with additional permissions that allow detailed control over Site Recovery Manager specific tasks and operations. For information about the permissions that each Site Recovery Manager role includes, see Site Recovery Manager Roles Reference.
- Click Sites in the Site Recovery Manager interface, and select the site on which to assign permissions.
- Click the Permissions tab.
- Right-click anywhere in the panel for either the local or remote sites and select Add Permission.
- Click Add.
- Identify a user or group for the role.
- From the Domain drop-down menu, select the domain that contains the user or group.
- Enter a user or user group name in the Search text box or select a name from the Name list.
- Click Add and click OK.
- Select a role from the Assigned Role drop-down menu to assign to the user or user group that you selected.
The Assigned Role drop-down menu includes all of the roles that vCenter Server and its plug-ins make available. Site Recovery Manager adds several roles to vCenter Server.
Allow a user or user group to perform all Site Recovery Manager configuration and administration operations.
Assign the Site Recovery Manager Administrator role.
Allow a user or user group to manage and modify protection groups and to configure protection on virtual machines.
Assign the Site Recovery Manager Protection Groups Administrator role.
Allow a user or user group to perform recoveries and test recoveries.
Assign the Site Recovery Manager Recovery Administrator role.
Allow a user or user group to create, modify, and test recovery plans.
Assign the Site Recovery Manager Recovery Plans Administrator role.
Allow a user or user group to test recovery plans.
Assign the Site Recovery Manager Recovery Test Administrator role.
When you select a role, the hierarchical list displays the privileges that the role includes. Click a privilege in the hierarchical list to see a description of that privilege. You cannot modify the list of privileges that each role includes.
- Select Propagate to Child Objects to apply the selected role to all of the child objects of the inventory objects that this role can affect.
For example, if a role contains privileges to modify folders, selecting this option extends the privileges to all the virtual machines in a folder. You might deselect this option to create a more complex hierarchy of permissions. For example, deselect this option to override the permissions that are propagated from the root of a certain node from the hierarchy tree, but without overriding the permissions of the child objects of that node.
- Click OK to assign the role and its associated privileges to the user or user group.
- Repeat 1 through 8 to assign roles and privileges to the users or user groups on the other Site Recovery Manager site.
You assigned a given Site Recovery Manager role to a user or user group. This user or user group has privileges to perform the actions that the role defines on the objects on the Site Recovery Manager site that you configured.
Combining Site Recovery Manager Roles
You can assign only one role to a user or user group. If a user who is not a vCenter Server administrator requires the privileges of more than one Site Recovery Manager role, you can create multiple user groups. For example, a user might require the privileges to manage recovery plans and to run recovery plans.
Create two user groups.
Assign the Site Recovery Manager Recovery Plans Administrator role to one group.
Assign the Site Recovery Manager Recovery Administrator role to the other group.
Add the user to both user groups.
By being a member of groups that have both the Site Recovery Manager Recovery Plans Administrator and the Site Recovery Manager Recovery Administrator roles, the user can manage recovery plans and run recoveries.