Permissions Mismatch between Site Recovery Manager and vCenter Server for SSO Groups

Article ID: 435396

Products

  • VMware Live Recovery
  • VMware Site Recovery Manager
  • VMware Site Recovery Manager 8.x

Issue/Introduction

Users or groups assigned roles within the Site Recovery Manager (SRM) interface (e.g., SRM Administrator) may lack corresponding permissions at the vCenter Server inventory level. This mismatch results in the following issues:

  • Users can log in to SRM but cannot see protected inventory objects (Datastores, Networks, or Folders).
  • Protection Groups or Recovery Plans appear empty or show 'Insufficient Permissions' errors.
  • Permissions assigned in the SRM interface do not appear under the vCenter Server 'Permissions' tab.

Environment

  • VMware Live Site Recovery (formerly Site Recovery Manager) 8.x, 9.x
  • VMware vCenter Server 7.x, 8.x
  • vSphere Replication (VR) 8.x, 9.x

Cause

Site Recovery Manager and vCenter Server maintain independent permission databases. While SRM leverages vCenter Single Sign-On (SSO) for authentication, assigning a role within the SRM interface does not automatically grant or synchronize privileges to the underlying vCenter Server inventory objects. Users require explicit permissions on both the SRM objects (Recovery Plans, Protection Groups) and the vCenter inventory objects to perform recovery operations.

Resolution

To resolve the synchronization mismatch, you must manually align the vCenter Server root permissions with the SRM role assignments on both the protected and recovery sites.

Step 1: Align Permissions on the Protected Site

  1. Log in to the vSphere Client for the protected site vCenter Server.
  2. Select the vCenter Server object at the root of the inventory tree.
  3. Navigate to the Permissions tab and select Add.
  4. Select the appropriate Domain (e.g., VSPHERE.LOCAL) and search for the required Group (e.g., SRM-Users-Group).
  5. Assign the required role (e.g., SRM Administrator or a custom VC Admin role).
    • Note: At a minimum, all SRM users require the System.Read privilege on the vCenter Server root to access the SRM plugin and navigate the inventory.
  6. Select the Propagate to children checkbox. This ensures the group can interact with the associated folders, datastores, and networks required for recovery workflows.

Step 2: Maintain Site Symmetry

  1. Log in to the paired Recovery Site vCenter Server.
  2. Repeat the steps in Step 1 to ensure the group and role mappings match the SRM configuration on the recovery site.
  3. Failure to synchronize permissions on the recovery site will result in 'Insufficient Permissions' errors during test failovers or actual recovery operations.
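
The following PowerCLI script is an added example, not part of the original article or of VMware's tooling. It performs a read-only audit of the result of Steps 1 and 2 by checking whether the group holds a propagating root permission that includes System.Read on both sites, and whether the assigned role matches. The vCenter Server hostnames are placeholders, and the group name is the article's example value.

```powershell
# Added example (not from the KB article). Read-only audit; it changes nothing.
$Principal = 'VSPHERE.LOCAL\SRM-Users-Group'    # example group named in the article
$Sites = [ordered]@{
    Protected = 'vc-protected.example.com'      # placeholder hostname
    Recovery  = 'vc-recovery.example.com'       # placeholder hostname
}

function Get-RootPermissionState {
    param([string] $Site, [string] $Server, [string] $Principal)

    $vi = Connect-VIServer -Server $Server -ErrorAction Stop
    try {
        # The top-level inventory folder represents the vCenter Server root object.
        $root = Get-Folder -NoRecursion -Server $vi
        $perm = Get-VIPermission -Entity $root -Server $vi |
            Where-Object { $_.Principal -eq $Principal } |
            Select-Object -First 1

        if (-not $perm) {
            return [pscustomobject]@{ Site = $Site; Role = $null; Propagate = $false
                                      HasSystemRead = $false; Status = 'MISSING' }
        }
        # The role must carry System.Read and the permission must propagate.
        $role    = Get-VIRole -Name $perm.Role -Server $vi
        $hasRead = $role.PrivilegeList -contains 'System.Read'
        $status  = if ($perm.Propagate -and $hasRead) { 'OK' } else { 'INCOMPLETE' }
        [pscustomobject]@{ Site = $Site; Role = $perm.Role; Propagate = $perm.Propagate
                           HasSystemRead = $hasRead; Status = $status }
    }
    finally {
        Disconnect-VIServer -Server $vi -Confirm:$false
    }
}

$results = foreach ($site in $Sites.GetEnumerator()) {
    Get-RootPermissionState -Site $site.Key -Server $site.Value -Principal $Principal
}
$results | Format-Table -AutoSize

# Site symmetry: the same role must be assigned on both vCenter Servers.
$roles = @($results.Role | Sort-Object -Unique)
if ($results.Status -contains 'MISSING' -or $roles.Count -ne 1) {
    Write-Warning "Root permissions for $Principal differ between sites."
}
```

A status of MISSING or INCOMPLETE on either site, or the warning about differing roles, indicates that the corresponding step above still needs to be completed on that vCenter Server.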