Managing Privileges, Roles, and Authorizable Entities

After Zerto role-based permissions has been enabled, the Permissions tab displays entities within the Zerto Cloud Manager, the users and groups within an entity, and the roles they have been assigned. Zerto recommends that you assign certain privileges to certain entities. The following table shows which privileges can affect specific entities.

These privileges… Can affect these entities
Manage sites and Manage VRAs

Zerto Cloud Manager

One, some, or all sites

Manage VPGs, Perform test failovers, Perform live failovers and moves

Zerto Cloud Manager

One, some, or all ZORGs and the No ZORG entity

View only All VPGs

The entities are:

Zerto Cloud Manager: The root of all entities. Permissions assigned to the Zerto Cloud Manager are, by default, assigned to all entities.
All sites: Permissions assigned to the entity All Sites are, by default, assigned to all sites.
A specific site: A particular site with permissions assigned to it.
All ZORGs: Permissions assigned to the entity All ZORGs are, by default, assigned to all ZORGs.
A specific ZORG: A particular ZORG with permissions assigned to it. By default, all of the permissions assigned to this ZORG are assigned to the VPGs that are associated to this ZORG.
No ZORG: This category represents VPGs that are not associated with a ZORG. Permissions assigned to the entity No ZORG are, by default, assigned to all VPGs that are not associated with a ZORG.
A specific VPG: A particular VPG with permissions assigned to it.

The entities are displayed as follows:

Certain functions are site level functions and other functions are VPG level functions, as follows:

Site Level Functions
Manage sites
Pair sites
Unpair sites
Manage a VRA
Create a VRA
Edit a VRA
Delete a VRA
Upgrade a VRA
Change the recovery VRA of a VM
Change host password

 

VPG Level Functions
Manage a VPG
Create a VPG
Edit a VPG
Delete a VPG
Export a VPG
View VPGs
Test failover a VPG
Stop a failover test
Move a VPG
Failover a VPG
Back up a VPG
Stop a backup
Add a checkpoint

To define user or group permissions

To edit user or group roles and permissions

To delete a permission from a user or group

To define user or group permissions

1. Select the Permissions tab.

2. Click a Zerto entity to display its users and groups, and the roles assigned to them.

3. To add permissions to a user or group, click ADD PERMISSION.

The Add Permission dialog is displayed.

4. Browse to the available users and groups in the local Active Directory.

The Select User/Group dialog is displayed.

5. Select the domain and enter at least two characters in the Search field.
6. Click Enter to display the list of users and groups in the domain that meet your search criteria.

7. Select the user or group to which you want to add permissions and click SELECT.

The Add Permission dialog is displayed.

8. Select the role to be assigned to the user or group.

The privileges associated with the role are displayed.

9. Click SAVE.

The updated list of users and groups and their roles is displayed.

To edit user or group roles and permissions

1. Select the Permissions tab and then select the entity that contains the user or group you want to edit.
Note: You can only edit a permission in the entity to which it was defined, and not on its child entities
2. Select the user or group within the entity whose permissions you want to edit.

3. Click EDIT.

The Edit Permission dialog is displayed.

4. Select the role to assign to the user or group and click SAVE.

The updated role of the user or group is displayed.

To delete a permission from a user or group

1. Select the Permissions tab and then select the authorizable entity that contains the user or group with a permission you want to delete.
2. Select the user or group within the entity with a permission you want to delete.

3. Click DELETE.

A warning is displayed that asks you to confirm the delete.

4. Click YES.

The permission assigned to the user or group is removed.