Hello we have two sites with two vcenter servers and SRM with twin versions so all ok there. We would like to implement a DR scenario for multiple independent offices. These parties we'll need to create and run their own Recovery Plans. However we need to provide these parties enough credentials to view and manage only what is theirs. I have read these two VMware documents and in the second one I read:
1. Managing Permissions in a Shared Recovery Site Configuration
2. Site Recovery Manager Roles Reference
<All users must have at least the privilege on the root folders of vCenter Server and the Site Recovery Manager root nodes on both sites.>
Now what does that mean exactly? That the read permission has to be applied to the top root of the vcenter server? Or to the top root of their own folders in the vcenter server VM view in the client? If it is the first assumption the users will have permissions to view other parties VMs and Hosts. In our environment the parties we manage don't have dedicated Clusters. So we should have a dedicated vcenter server for each of our party/customer?
Does anyone have experience with SRM and shared permissions. We obviously will retain the SRM administrator role, however what leaves in doubt is the statement that "All users must have at least the System > Read etc...." so probably it seems that SRM is not the right product for our scenario and maybe the vSphere RM would be a better solution.
many thanks in advance!
.g