Managing Privileges, Roles, and Authorizable Entities
After Zerto role-based permissions have been enabled, the Permissions tab displays the entities within the Zerto Cloud Manager, the users and groups within each entity, and the roles they have been assigned. Zerto recommends that you assign certain privileges to certain entities. The following table shows which privileges can affect which entities.
These privileges… | Can affect these entities |
---|---|
Manage sites and Manage VRAs | Zerto Cloud Manager; one, some, or all sites |
Manage VPGs, Perform test failovers, Perform live failovers and moves | Zerto Cloud Manager; one, some, or all ZORGs and the No ZORG entity |
View only | All VPGs |
The entities are:
• Zerto Cloud Manager: The root of all entities. Permissions assigned to the Zerto Cloud Manager are, by default, assigned to all entities.
• All sites: Permissions assigned to the entity All Sites are, by default, assigned to all sites.
• A specific site: A particular site with permissions assigned to it.
• All ZORGs: Permissions assigned to the entity All ZORGs are, by default, assigned to all ZORGs.
• A specific ZORG: A particular ZORG with permissions assigned to it. By default, all of the permissions assigned to this ZORG are assigned to the VPGs that are associated with this ZORG.
• No ZORG: This category represents VPGs that are not associated with a ZORG. Permissions assigned to the entity No ZORG are, by default, assigned to all VPGs that are not associated with a ZORG.
• A specific VPG: A particular VPG with permissions assigned to it.
The entities are displayed as follows:
Certain functions are site level functions and other functions are VPG level functions, as follows:
Site Level Functions |
---|
Manage sites |
Pair sites |
Unpair sites |
Manage a VRA |
Create a VRA |
Edit a VRA |
Delete a VRA |
Upgrade a VRA |
Change the recovery VRA of a VM |
Change host password |
VPG Level Functions |
---|
Manage a VPG |
Create a VPG |
Edit a VPG |
Delete a VPG |
Export a VPG |
View VPGs |
Test failover a VPG |
Stop a failover test |
Move a VPG |
Failover a VPG |
Back up a VPG |
Stop a backup |
Add a checkpoint |
To define user or group permissions
2. Click a Zerto entity to display its users and groups, and the roles assigned to them.
3. To add permissions to a user or group, click ADD PERMISSION.
The Add Permission dialog is displayed.
4. Browse to the available users and groups in the local Active Directory.
The Select User/Group dialog is displayed.
5. Select the domain and enter at least two characters in the Search field.
6. Click Enter to display the list of users and groups in the domain that meet your search criteria.
7. Select the user or group to which you want to add permissions and click SELECT.
The Add Permission dialog is displayed.
8. Select the role to be assigned to the user or group.
The privileges associated with the role are displayed.
9. Click SAVE.
The updated list of users and groups and their roles is displayed.
To edit user or group roles and permissions
1. Select the Permissions tab and then select the entity that contains the user or group you want to edit.
Note: You can only edit a permission in the entity in which it was defined, not in its child entities.
2. Select the user or group within the entity whose permissions you want to edit.
3. Click EDIT.
The Edit Permission dialog is displayed.
4. Select the role to assign to the user or group and click SAVE.
The updated role of the user or group is displayed.
To delete a permission from a user or group
1. Select the Permissions tab and then select the authorizable entity that contains the user or group with a permission you want to delete.
2. Select the user or group within the entity with a permission you want to delete.
3. Click DELETE.
A warning is displayed that asks you to confirm the delete.
4. Click YES.
The permission assigned to the user or group is removed.
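The inheritance rules and the edit note above can be checked offline before an assignment is changed. The following Python sketch is an added example, not Zerto code or a Zerto API; it lists who holds a privilege on an entity and the entity where that permission was defined, which is where it has to be edited or deleted. Assumptions: the entity names, principals and role contents are constructed, the layout directly under Zerto Cloud Manager is inferred from the entity list, and only default inheritance is modelled (no child-level override).

```python
# Added illustration: toy model of the entity tree described on this page.
# All entity names, principals and role contents are constructed; not a Zerto API.
PARENT = {  # child -> parent (layout under the root is an assumption)
    "All sites": "Zerto Cloud Manager",
    "All ZORGs": "Zerto Cloud Manager",
    "No ZORG": "Zerto Cloud Manager",
    "site-london": "All sites",
    "zorg-finance": "All ZORGs",
    "vpg-payroll": "zorg-finance",   # VPG associated with a ZORG
    "vpg-lab": "No ZORG",            # VPG not associated with any ZORG
}
SITE_PRIVS = {"Manage sites", "Manage VRAs"}
VPG_PRIVS = {"Manage VPGs", "Perform test failovers",
             "Perform live failovers and moves", "View only"}

# (principal, entity where the permission was defined, privileges of its role)
ASSIGNMENTS = [
    ("CORP\\dr-admins", "Zerto Cloud Manager", SITE_PRIVS | VPG_PRIVS),
    ("CORP\\finance-ops", "zorg-finance", {"Perform test failovers", "View only"}),
    ("CORP\\lab-users", "No ZORG", {"Manage VPGs"}),
    ("CORP\\site-ops", "All sites", {"Manage VRAs"}),
]

def ancestors(entity):
    """Yield the entity itself, then each parent up to the root."""
    while entity is not None:
        yield entity
        entity = PARENT.get(entity)

def scope_for(entity):
    """Privileges that can affect this entity, per the table on this page."""
    chain = set(ancestors(entity))
    if "All sites" in chain:
        return SITE_PRIVS
    if chain & {"All ZORGs", "No ZORG"}:
        return VPG_PRIVS
    return SITE_PRIVS | VPG_PRIVS  # the root can carry either kind

def who_can(privilege, entity):
    """Sorted (principal, defined_on, inherited) triples for one privilege."""
    if privilege not in scope_for(entity):
        return []
    chain = set(ancestors(entity))
    return sorted((who, where, where != entity)
                  for who, where, privs in ASSIGNMENTS
                  if where in chain and privilege in privs)

if __name__ == "__main__":
    for row in who_can("Perform test failovers", "vpg-payroll"):
        print(row)
```

An assignment reported with `inherited` set to True has to be changed on the `defined_on` entity, and narrowing it there affects every child that inherits it.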