Creating a User Role

System Center Data Protection Manager (DPM) allows you to authorize SQL Server database owners to recover their databases without intervention from the backup administrator. To do this, the administrator must create and manage DPM roles. A DPM role allows backup administrators to control what an end-user can recover and which instances of SQL Server they can recover to.

The following are DPM roles in DPM Self-Service Recovery Tool (SSRT) for SQL Server:

Users: A security group that represents a set of end users.
Objects: SQL Server instances and databases.
Recovery Locations: Permissions for original location recovery or alternate location recovery.

You can create and manage roles through the DPM Self-Service Recovery Configuration Tool or by using the cmdlets in DPM Management Shell.

To create user roles use the configuration tool

Click Create Role… to start the DPM Role Configuration Wizard.
The wizard will guide you through the process of creating user roles and assign permissions.

To create user roles by using DPM Management Shell cmdlets

Create a DPM role.

	Copy Code
New-DPMRole [-Name] <String> [-DPMServerName] <String> [[-Description] <String>] [<CommonParameters>]

Identify and associate the security group that represents your end users to the DPM role.
Copy Code
Add-DPMSecurityGroup [-SecurityGroups] <String> [-DpmRole] <DPMRole> [<CommonParameters>]
Note

DPM allows end-users in this security group to recover the databases added as recovery items, regardless of what permissions are configured for them on the SQL Server instances.

	Copy Code
Add-DPMSecurityGroup [-SecurityGroups] <String> [-DpmRole] <DPMRole> [<CommonParameters>]

Note
DPM allows end-users in this security group to recover the databases added as recovery items, regardless of what permissions are configured for them on the SQL Server instances.

Identify items that members of the user role can recover and add them to the role.

	Copy Code
Add-DPMRecoveryItem [-Datasources] <SQLDataSource> [-Type] <AmDatasourceType> [-DpmRole] <DPMRole> [<CommonParameters>]

Identify and add the SQL Server instances that can be used as targets for performing alternate instance recovery to the DPM Role.

Create a recovery target object.

	Copy Code
New-DPMRecoveryTarget [-Type] <AmDatasourceType> [-RecoveryTarget] <String> [-RecoveredFilesPath] <String> [<CommonParameters>]

Add the recovery target object to the role.

	Copy Code
Add-DPMRecoveryTarget [-DpmRole] <DPMRole> [-RecoveryTargets] <TargetRecoveryItem> [<CommonParameters>]

Save the new DPM role.

	Copy Code
Set-DPMRole [-DpmRole] <DPMRole> [-Confirm] [<CommonParameters>]