Users who complete temporary placeholder mappings when the protected site is unavailable might gain access to virtual machines that they should not.

Problem

The protected site is unavailable during a disaster recovery and Site Recovery Manager creates temporary placeholder mappings. The user who runs the recovery plan completes the temporary placeholder mappings and reruns the plan. After the recovery, the user has access to virtual machines on the recovery site that they did not have permission to access on the protected site.

  • A user runs a disaster recovery when the protected site is unavailable.
  • The user does not have permission to access all of the inventory objects on the protected site.
  • Site Recovery Manager detects missing mappings, and creates temporary placeholder mappings that include objects on the protected site that the user does not have permission to access.
  • The user configures the target mappings from the objects on the protected site to objects on the recovery site to which they do have access.
  • After the recovery, because the recovered virtual machines use resources on the recovery site that the user has permission to access, the user can access virtual machines that they did not have permission to access when those virtual machines were on the protected site.

Cause

If the protected site is unavailable, Site Recovery Manager cannot perform permission checks on inventory objects on the protected site before it uses them to create temporary placeholder mappings.

Solution

Verify that users who have permission to run recovery plans also have permission to access all of the objects on both sites.