During the installation of Site Recovery Manager, users with the vCenter Server administrator role are granted the administrator role on Site Recovery Manager. Currently, only vCenter Server administrators can log in to Site Recovery Manager, unless they explicitly grant access to other users.
To allow other users to access Site Recovery Manager, vCenter Server administrators must grant them permissions in the Site Recovery Manager user interface. You assign site-wide permission assignments on a per-site basis. You must add corresponding permissions on both sites.
Site Recovery Manager requires permissions on vCenter Server objects and on Site Recovery Manager objects. To configure permissions on the remote vCenter Server installation, start another instance of the vSphere Client. You can change Site Recovery Manager permissions from the same Site Recovery Manager user interface on both sites after you connect the protected and recovery sites.
Site Recovery Manager augments vCenter Server roles and permissions with additional permissions that allow detailed control over Site Recovery Manager specific tasks and operations. For information about the permissions that each Site Recovery Manager role includes, see Site Recovery Manager Roles Reference.
- In the vSphere Client, click .
- On the Site Recovery home tab, select a site pair, and click View Details.
- On the left pane click Permissions, select a site, and click Add.
- From the Domain drop-down menu, select the domain that contains the user or group.
- Enter the name of the specific User/Group or search for a User/Group from the User/Group list, and select it.
By default the vCenter Single Sign-On returns a maximum of 5000 rows, distributed in two halves. One half for the user and the other half for the Solution Users and Groups. You can change that setting from the vCenter Server advance settings.
- Select a role from the Role drop-down menu to assign to the user or user group.
The Role drop-down menu includes all the roles that vCenter Server and its plug-ins make available. Site Recovery Manager adds several roles to vCenter Server.
Option Action Allow a user or user group to perform all Site Recovery Manager configuration and administration operations. Assign the SRM Administrator role. Allow a user or user group to manage and modify protection groups and to configure protection on virtual machines. Assign the SRM Protection Groups Administrator role. Allow a user or user group to perform recoveries and test recoveries. Assign the SRM Recovery Administrator role. Allow a user or user group to create, modify, and test recovery plans. Assign the SRM Recovery Plans Administrator role. Allow a user or user group to test recovery plans. Assign the SRM Recovery Test Administrator role.
- Select Propagate to Children to apply the selected role to all the child objects of the inventory objects that this role can affect.
For example, if a role contains privileges to modify folders, selecting this option extends the privileges to all the virtual machines in a folder. You might deselect this option to create a more complex hierarchy of permissions. For example, deselect this option to override the permissions that are propagated from the root of a certain node from the hierarchy tree, but without overriding the permissions of the child objects of that node.
- Click Add to assign the role and its associated privileges to the user or user group.
- Repeat Step 3 through Step 5 to assign roles and privileges to the users or user groups on the other Site Recovery Manager site.
Example: Combining Site Recovery Manager Roles
You can assign only one role to a user or user group. If a user who is not a vCenter Server administrator requires the privileges of more than one Site Recovery Manager role, you can create multiple user groups. For example, a user might require the privileges to manage recovery plans and to run recovery plans.
- Create two user groups.
- Assign the SRM Recovery Plans Administrator role to one group.
- Assign the SRM Recovery Administrator role to the other group.
- Add the user to both user groups.
By being a member of groups that have both the SRM Recovery Plans Administrator and the SRM Recovery Administrator roles, the user can manage recovery plans and run recoveries.