User Access

When you sign up for VMware Cloud Services, and request access to the VMware Cloud Disaster Recovery service, you can begin to invite users to the service. As an organization owner, you can assign roles to your organization users, which grant them then permissions to perform specific operations in VMware Cloud Disaster Recovery.

When you invite other users to the service, you assign them organization roles which specify privileges that an organization member has over organization assets, and service roles, which gives users the permission to access and use the VMware Cloud Disaster Recovery service.

For more information about VMware Cloud Service roles, and how to add them to your users, see Identity and Access Management and Edit User Roles.

Note: When you modify a VMware Cloud Disaster Recovery user roles in the VMware Cloud console, the changes take approximately 15 minutes to be applied. To apply the changes faster, the user can log out and then log back in to the VMware Cloud console, and then access the VMware Cloud Disaster Recovery service.

Organization and VMware Cloud on AWS Service Roles

There are two specific operations in VMware Cloud Disaster Recovery that require a user to have the following roles:

Creating an API token requires the following organization and VMware Cloud on AWS service roles:

  • Organization Role: Organization Owner
  • VMware Cloud on AWS Service Roles:
    • Administrator
    • NSX Cloud Admin

Creating a subscription requires the following organization role:

  • Organization owner

VMware Cloud Disaster Recovery Service Roles

The following table provides an overview of VMware Cloud Disaster Recovery roles and the features each role permits. Match the user role in each column with the capabilities in each row.

Note: VMware Cloud Disaster Recovery roles are additive. For example, if you want a user to create snapshots for backup and also have the ability to configure and run DR plans, you need to assign both DR admin and Backup admin roles to the user account.

 

DR Admin

DR Tester

Backup Admin

SDDC Admin

Auditor

Administrator

Configure API token

(requires either Backup Admin or SDDC Admin)

    X X    

Edit Plans

X

X

     

X

Plan test

X

X

  X  

X

Plan recovery

X

       

X

Edit PGs

   

X

   

X

Replicate and restore

   

X

   

X

Edit protection sites

   

X

   

X

Edit SDDC

     

X

 

X

View compliance checks

X X

X

X

X

X

Reports

X X

X

X

X

X

View data

X X

X

X

X

X

Service Roles and Permitted Operations

The below table provides a more detailed description of all operations permitted for each VMware Cloud Disaster Recovery service role.

Note: If you apply the Administrator or the Auditor roles to a user account, then you cannot add any other roles to the account.

Role

Permitted Operations

Administrator

This user role can perform all operations listed in this table, except for creating an API token and creating a subscripton.

Auditor

  • View the UI read-only:
    Lists, tasks, reports, dialogs (except user management)
  • Create PDF of a compliance report and download it

Note: All other roles include this level of access.

DR admin

DR Plans

  • Create, edit, delete, duplicate DR plans

Test recovery

  • Execute a test recovery
  • Stop a test recovery (no cleanup)
  • Cancel test recovery
  • Roll back test recovery
  • Retry failed tasks for a completed test recovery
  • Retry failed tasks in a step and continue
  • Ignore failure and continue without retry
  • Continue tasks after user confirmation
  • View recovery

Recovery

  • Run recovery
  • Preview recovery
  • Stop an execution task
  • Cancel a recovery
  • Retry failed tasks for a completed recovery operation
  • Retry failed tasks in a step and continue
  • Ignore failures, continue without retry
  • Continue task post user confirmation
  • Commit plan after recovery

Backup admin

API token

  • Configure API token

Protected sites

  • Create, update, delete a protected site
  • Add or remove a DRC connector to/from a protected site
  • Add or remove a vCenter to/from a protected site

Protection groups

  • Create, edit, delete a protection group
  • Activate/deactivateprotection group
  • Snapshots
  • Restore, edit, delete a snapshot

VMs

  • Restore VM

Plan tester

DR Plans

  • Create, edit, delete, duplicate a DR plan

Test recovery

  • Run a test recovery
  • Stop a test recovery
  • Cancel a test recovery
  • Rollback a test recovery
  • Retry failed tasks
  • Ignore failed tasks

Alarms

  • Clear alarms

SDDC admin

SDDCs

  • Configure an API token
  • Create and delete an SDDC
  • Add, rename, or delete a network on an SDDC
  • Request a new public IP address
  • Rename or delete a public IP address
  • Add, remove hosts
  • Add, edit, delete NAT rules
  • Add, edit, delete new firewall rules

API token

  • Configure API token