The System Center Data Protection Manager (DPM) allows you to authorize SQL Server database owners to recover their databases without intervention from the backup administrator. To do this, the administrator must create and manage DPM roles. A DPM role allows backup administrators to control what an end-user can recover and which instances of SQL Server they can recover to. The following are DPM roles in DPM Self-Service Recovery Configuration Tool for SQL Server:
- Users: A security group that represents a set
of end users.
- Objects: SQL Server databases that can be
recovered and instances of SQL Server that have been identified for
an alternate instance recovery.
- Recovery permissions for alternate instance
recovery.
You can create and manage roles through DPM Self-Service Recovery Configuration Tool or by using the cmdlets in DPM Management Shell.
Modifying User Roles Using the Configuration Tool
To modify user roles using the configuration tool
-
Select the user role you want to modify.
-
Click Modify to start the DPM Role Configuration Wizard.
-
The wizard will guide you through the process of modifying user roles and assigning permissions.
Modifying User Roles Using DPM Management Shell Cmdlets
To rename a user role
-
Open the DPM role for editing.
Copy Code Get-DPMRole [[-Name] <String>] [-DPMServerName] <String> [-Editable <SwitchParameter>] [<CommonParameters>]
-
Rename the DPM role.
Copy Code Rename-DPMRole [[-Name] <String>] [[-Description] <String>] [-DpmRole] <DPMRole> [<CommonParameters>]
-
Save the changes.
Copy Code Set-DPMRole [-DpmRole] <DPMRole> [-Confirm] [<CommonParameters>]Set-DPMRole -DpmRole $Role
To revoke permissions to a target location
-
Open the DPM role for editing.
Copy Code Get-DPMRole [[-Name] <String>] [-DPMServerName] <String> [-Editable <SwitchParameter>] [<CommonParameters>]
-
Remove the target location from the list of authorized recovery locations.
Copy Code Remove-DPMRole [-DpmRole] <DPMRole> [<CommonParameters>]
Note FQDN is required while removing. -
Save the changes.
Copy Code Set-DPMRole [-DpmRole] <DPMRole> [-Confirm] [<CommonParameters>]Set-DPMRole -DpmRole $Role