Greetings all.  Looking for some thoughts & guidance on this one-- thanks in advance.

I have a group of folks that I have assigned a custom role I call "Virtual Machine User" with various privileges that essentially amount to Power & Console permissions to VMs at a VMs & Templates Folder view only, in a specific folder.  That group manages the application on the VMs in that folder but they don't manage the VMs themselves (memory/cpu/disk).

I have 2 vCenters in a single SSO domain.  Two clusters-- and active and a DR.  Active cluster is in VC1 and DR cluster is in VC2.  vSphere Replication at both with a Site Pair established.  SRM appliances (8.2) setup in both, with Site Pair established.  Running vSphere 6.7U2.  I have the App VMs in the folder mentioned above already setup in vSR replicating and an SRM Protection Group for them established.

My goal is to grant the App Admins the ability to create & manage the recovery plan and test and perform recovery actions of the VMs mentioned above.

I've gone through the SRM Admin guide and setting up proper permissions here is escaping me.  I don't want to give the app admins full visibility into the vCenters or SRM.  I'd just like them to be able to create/edit/perform their own recovery/plans of the vSR replicated VMs in the protection group I setup.

Any help here?

Thanks!