System Center Data Protection Manager (DPM) allows you to authorize SQL Server database owners to recover their databases without intervention from the backup administrator. To do this, the administrator must create and manage DPM roles. A DPM role allows backup administrators to control what an end-user can recover and which instances of SQL Server they can recover to.
The following are DPM roles in DPM Self-Service Recovery Tool (SSRT) for SQL Server:
- Users: A security group that represents a set
of end users.
- Objects: SQL Server instances and
databases.
- Recovery Locations: Permissions for original
location recovery or alternate location recovery.
You can create and manage roles through the DPM Self-Service Recovery Configuration Tool or by using the cmdlets in DPM Management Shell.
To create user roles use the configuration tool
-
Click Create Role… to start the DPM Role Configuration Wizard.
-
The wizard will guide you through the process of creating user roles and assign permissions.
To create user roles by using DPM Management Shell cmdlets
-
Create a DPM role.
Copy Code New-DPMRole [-Name] <String> [-DPMServerName] <String> [[-Description] <String>] [<CommonParameters>]
-
Identify and associate the security group that represents your end users to the DPM role.
Copy Code Add-DPMSecurityGroup [-SecurityGroups] <String> [-DpmRole] <DPMRole> [<CommonParameters>]
Note DPM allows end-users in this security group to recover the databases added as recovery items, regardless of what permissions are configured for them on the SQL Server instances. -
Identify items that members of the user role can recover and add them to the role.
Copy Code Add-DPMRecoveryItem [-Datasources] <SQLDataSource> [-Type] <AmDatasourceType> [-DpmRole] <DPMRole> [<CommonParameters>]
-
Identify and add the SQL Server instances that can be used as targets for performing alternate instance recovery to the DPM Role.
- Create a recovery target object.
Copy Code New-DPMRecoveryTarget [-Type] <AmDatasourceType> [-RecoveryTarget] <String> [-RecoveredFilesPath] <String> [<CommonParameters>]
- Add the recovery target object to the role.
Copy Code Add-DPMRecoveryTarget [-DpmRole] <DPMRole> [-RecoveryTargets] <TargetRecoveryItem> [<CommonParameters>]
- Create a recovery target object.
-
Save the new DPM role.
Copy Code Set-DPMRole [-DpmRole] <DPMRole> [-Confirm] [<CommonParameters>]