During the installation of VMware Live Site Recovery, users with the vCenter Server administrator role are granted the administrator role on VMware Live Site Recovery. Currently, only vCenter Server administrators can log in to VMware Live Site Recovery, unless they explicitly grant access to other users.

To allow other users to access VMware Live Site Recovery, vCenter Server administrators must grant them permissions in the VMware Live Site Recovery user interface. Site-wide permissions are assigned on a per-site basis. You must add corresponding permissions on both sites.

VMware Live Site Recovery requires permissions on vCenter Server objects and on VMware Live Site Recovery objects. To configure permissions on the remote vCenter Server installation, start another instance of the vSphere Client. You can change VMware Live Site Recovery permissions from the same VMware Live Site Recovery user interface on both sites after you connect the protected and recovery sites.

VMware Live Site Recovery augments vCenter Server roles and permissions with additional permissions that allow detailed control over VMware Live Site Recovery specific tasks and operations. For information about the permissions that each VMware Live Site Recovery role includes, see VMware Live Site Recovery Roles Reference.

Procedure

  1. In the vSphere Client, click Site Recovery > Open Site Recovery.
  2. On the Live Site Recovery home tab, select a site pair, and click View Details.
  3. In the left pane, click Permissions, select a site, and click Add.
    1. From the Domain drop-down menu, select the domain that contains the user or group.
    2. Enter the name of the specific User/Group or search for a User/Group from the User/Group list, and select it.
      By default, vCenter Single Sign-On returns a maximum of 5000 rows, distributed in two halves: one half for the user and the other half for the Solution Users and Groups. You can change that setting from the vCenter Server advanced settings.
    3. Select a role from the Role drop-down menu to assign to the user or user group.
      The Role drop-down menu includes all the roles that vCenter Server and its plug-ins make available. VMware Live Site Recovery adds several roles to vCenter Server.
      | Option | Action |
      | --- | --- |
      | Allow a user or user group to perform all VMware Live Site Recovery configuration and administration operations. | Assign the SRM Administrator role. |
      | Allow a user or user group to manage and modify protection groups and to configure protection on virtual machines. | Assign the SRM Protection Groups Administrator role. |
      | Allow a user or user group to perform recoveries and test recoveries. | Assign the SRM Recovery Administrator role. |
      | Allow a user or user group to create, modify, and test recovery plans. | Assign the SRM Recovery Plans Administrator role. |
      | Allow a user or user group to test recovery plans. | Assign the SRM Recovery Test Administrator role. |
  4. Select Propagate to Children to apply the selected role to all the child objects of the inventory objects that this role can affect.
    For example, if a role contains privileges to modify folders, selecting this option extends the privileges to all the virtual machines in a folder. You might deselect this option to create a more complex hierarchy of permissions. For example, deselect this option to override the permissions that are propagated from the root of a certain node from the hierarchy tree, but without overriding the permissions of the child objects of that node.
  5. Click Add to assign the role and its associated privileges to the user or user group.
  6. Repeat Step 3 through Step 5 to assign roles and privileges to the users or user groups on the other VMware Live Site Recovery site.

Results

You assigned a given VMware Live Site Recovery role to a user or user group. This user or user group has privileges to perform the actions that the role defines on the objects on the VMware Live Site Recovery site that you configured.

Example: Combining VMware Live Site Recovery Roles

You can assign only one role to a user or user group. If a user who is not a vCenter Server administrator requires the privileges of more than one VMware Live Site Recovery role, you can create multiple user groups. For example, a user might require the privileges to manage recovery plans and to run recovery plans.

  1. Create two user groups.
  2. Assign the SRM Recovery Plans Administrator role to one group.
  3. Assign the SRM Recovery Administrator role to the other group.
  4. Add the user to both user groups.

By being a member of groups that have both the SRM Recovery Plans Administrator and the SRM Recovery Administrator roles, the user can manage recovery plans and run recoveries.
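
The following added example is not VMware code. It audits a permissions listing for the two points above: that each principal has corresponding permissions on both sites, and which roles a user effectively holds through group membership. The tuple format, site names, group names, and user names are constructed assumptions, not a VMware export format or API.

```python
from collections import defaultdict

# Constructed sample data in an assumed export format (not a VMware API):
# (site, principal, role, propagate_to_children) per permission entry.
ASSIGNMENTS = [
    ("site-a", "DR\\plan-editors", "SRM Recovery Plans Administrator", True),
    ("site-a", "DR\\recovery-ops", "SRM Recovery Administrator", True),
    ("site-a", "DR\\pg-admins", "SRM Protection Groups Administrator", False),
    ("site-b", "DR\\plan-editors", "SRM Recovery Plans Administrator", True),
    ("site-b", "DR\\recovery-ops", "SRM Recovery Test Administrator", True),
]
# Constructed group membership: group -> set of users.
GROUPS = {
    "DR\\plan-editors": {"alice"},
    "DR\\recovery-ops": {"alice", "bob"},
    "DR\\pg-admins": {"carol"},
}

def by_site(assignments):
    """Return site -> principal -> (role, propagate); one role per principal."""
    table = defaultdict(dict)
    for site, principal, role, propagate in assignments:
        entry = table[site].setdefault(principal, (role, propagate))
        if entry[0] != role:
            raise ValueError(f"{principal} has two roles on {site}")
    return table

def site_mismatches(assignments, site_a, site_b):
    """List principals whose role or propagation flag differs between sites."""
    table = by_site(assignments)
    a, b = table[site_a], table[site_b]
    return [(p, a.get(p), b.get(p))
            for p in sorted(set(a) | set(b)) if a.get(p) != b.get(p)]

def effective_roles(assignments, groups, user, site):
    """Union of roles a user holds directly or through group membership."""
    return {role for principal, (role, _) in by_site(assignments)[site].items()
            if principal == user or user in groups.get(principal, ())}

if __name__ == "__main__":
    for principal, a, b in site_mismatches(ASSIGNMENTS, "site-a", "site-b"):
        print(f"MISMATCH {principal}: site-a={a} site-b={b}")
    print("alice on site-a:", sorted(effective_roles(ASSIGNMENTS, GROUPS, "alice", "site-a")))
```

In the constructed data, one group is missing on the second site and another holds a different role there, so the same user ends up with different effective roles on each site.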