I have set up Site A and Site B SRM and vSphere Replication. Everything works fine if I am logged on as a admin to vcenter. Both sites are linked to the same AD and I'm using LDAP to populate the global permissions.
Both sites have the same permissions configured as Global Permissions at the top level. So, VRM virtual machine replication user is configured the same on both sites. At the root folder with propagate on. I also have the VRM target datastore user role assigned to the datastore in Site B
The issue I have, is if I logon as a user, without vcenter admins, I get permission denied when I try and add a new replication. I can remove existing replications without issue. When I attempt to create a Site A to Site B replication, the incoming replication gets created on site B, but no outgoing connection on Site A. Which , I assume , is down to the NoPermission error.
Since it's the same AD and the same AD group is added to the roles , the user account has the same rights in both Site A and Site B vcenters.
Since it is a permissions issue, I decided to make the user a member of the VRM admins role on both sites. Still the same. That role is also added as Global Permission at the top level in vcenter.
I've looked in the hms.log on the VSRM and all I get is the same message "Permission to perform this operation is denied". No clue as to why or which privilege I am missing.
Any ideas anyone?
The user account has access to vcenter with full access to virtual machines only from the root.