How VMware Live Site Recovery Handles Permissions

VMware Live Site Recovery determines whether a user has permission to perform an operation, such as configuring protection or running the individual steps in a recovery plan. This permission check ensures the correct authentication of the user, but it does not represent the security context in which the operation is performed.

VMware Live Site Recovery performs operations in the security context of the user ID that is used to connect the sites, or in the context of the ID under which the VMware Live Site Recovery service is running, for example, the local system ID.

After VMware Live Site Recovery verifies that a user has the appropriate permissions on the target vSphere resources, VMware Live Site Recovery performs operations on behalf of users by using the vSphere administrator role.

For operations that configure protection on virtual machines, VMware Live Site Recovery validates the user permissions when the user requests the operation. Operations require two phases of validation.

During configuration, VMware Live Site Recovery verifies that the user configuring the system has the correct permissions to complete the configuration on the vCenter Server object. For example, a user must have permission to protect a virtual machine and use resources on the secondary vCenter Server instance that the recovered virtual machine uses.
The user performing the configuration must have the correct permissions to complete the task that they are configuring. For example, a user must have permissions to run a recovery plan. VMware Live Site Recovery then completes the task on behalf of the user as a vCenter Server administrator.

As a result, a user who completes a particular task, such as a recovery, does not necessarily require permissions to act on vSphere resources. The user only requires the permission to run a recovery in VMware Live Site Recovery. VMware Live Site Recovery performs the operations by using the user credentials that you provide when you connect the protected and recovery sites.

VMware Live Site Recovery maintains a database of permissions for internal VMware Live Site Recovery objects that uses a model similar to the one the vCenter Server uses. VMware Live Site Recovery verifies its own VMware Live Site Recovery privileges even on vCenter Server objects. For example, VMware Live Site Recovery checks for the Resource.Recovery Use permission on the target datastore rather than checking multiple low-level permissions, such as Allocate space. VMware Live Site Recovery also verifies the permissions on the remote vCenter Server instance.

To use VMware Live Site Recovery with vSphere Replication, you must assign vSphere Replication roles to users as well as VMware Live Site Recovery roles. For information about vSphere Replication roles, see vSphere Replication Administration.