Roles for performing local and remote replication actions

Users gain access to a storage system or component either directly through a role assignment and/or indirectly through membership in a user group that has a role assignment.

The following table details the roles that are required to perform local and remote replication actions.

NOTE: Multiple Yesses imply that both are needed, for example, Link Snapshot requires the user to have Local Replication rights on the snapshot device and Device Manager rights on the link device.

NOTE: Unisphere for PowerMax does not support RBAC device group management.

Table 1. Permissions for Local Replication, Remote Replication, and Device Management roles
Permissions	Local Replication	Remote Replication	Device Manager
Protection Wizard - Create SnapVx Snapshot	Yes ^(a)	No	No
Create Snapshot	Yes ^(a)	No	No
Edit Snapshot	Yes	No	No
Link Snapshot	Yes ^(b) ^(c)	No	Yes ^(d)
Relink Snapshot	Yes ^(b) ^(c)	No	Yes ^(d)
Restore Snapshot	Yes ^(b)	No	Yes ^(b)
Set Time To Live	Yes	No	No
Set Mode	Yes ^(b)	No	Yes ^(d)
Terminate Snapshot	Yes	No	No
Unlink Snapshot	Yes ^(b)	No	Yes ^(d)
SRDF Delete	No	Yes	No
SRDF Establish	No	Yes	No
SRDF Failback	No	Yes	No
SRDF Failover	No	Yes	No
SRDF Invalidate	No	Yes	No
SRDF Move	No	Yes	No
SRDF Not Ready	No	Yes	No
SRDF R1 Update	No	Yes	No
SRDF Ready	No	Yes	No
SRDF Refresh	No	Yes	No
SRDF Restore	No	Yes	No
SRDF Resume	No	Yes	No
SRDF RW Disable R2	No	Yes	No
SRDF RW Enable	No	Yes	No
SRDF Set Bias	No	Yes	No
SRDF Set Consistency	No	Yes	No
SRDF Set Mode	No	Yes	No
SRDF Set SRDF/A	No	Yes	No
SRDF Split	No	Yes	No
SRDF Suspend	No	Yes	No
SRDF Swap	No	Yes	No
SRDF Write Disable	No	Yes	No

(a) - Set Secure is blocked for users who only have Local_REP rights.

(b) - The user must have the specified rights on the source volumes.

(c) - The user may only choose existing storage groups to link to. Creating a storage group requires Storage Admin rights.

(d) - The user must have the specified rights on the link volumes.