Read-only user in vCenter cannot view Replication Information in the Site Recovery Manager UI
search cancel

Read-only user in vCenter cannot view Replication Information in the Site Recovery Manager UI

book

Article ID: 433054

calendar_today

Updated On:

Products

VMware Live Recovery

Issue/Introduction

A user account with Read-only permissions in vCenter is able to log in to VMware Site Recovery Manager (SRM) through the vCenter vSphere Client.

However, after accessing the Site Recovery interface, the user is unable to view replication-related information. The Replication tab is missing, and a red alert message such as the following appears at the top of the page:

"Unable to retrieve pairs from extension server at https://<VR-FQDN>:8043. Permission to perform this operation was denied."

Environment

 

  • VMware Site Recovery Manager (SRM)

  • VMware vSphere Replication

  • VMware vCenter Server

 

Cause

The Read-only role in vCenter does not include the privileges required to view replication information managed by vSphere Replication.

Replication visibility in SRM requires specific VRM (vSphere Replication Management) privileges. Users assigned only the Read-only role do not have these privileges and therefore cannot see replication information in the SRM UI.

Resolution

To allow a user to view replication information in SRM, assign the "VRM replication viewer" role as a Global Permission in vCenter.

Correct configuration

  1. Log in to vCenter using an administrative account.
  2. Navigate to
    Menu → Administration → Global Permissions
  3. Add the user and assign the role "VRM replication viewer"
  4. If the user was previously assigned permissions on inventory objects (for example Datacenter, Cluster, or Folder), remove those permissions before adding the Global Permission. Permissions assigned only at the inventory level will not allow the user to view replication information in the SRM interface.

Additional Information

Important notes: 

  1. Using the Read-only role alone is not sufficient

    A user with only the Read-only role cannot view replication information in the SRM interface.

  2. The role must be assigned as a Global Permission

    The VRM replication viewer role must be granted at the Global Permissions level in vCenter for the user to access replication information.

  3. Assigning permissions on inventory objects is not sufficient

    Granting the VRM replication viewer role on inventory objects such as:

    Datacenter
    Cluster
    Folder

    will not allow the user to view replication information in the SRM UI.
Powered by Wolken Software