When setting up user access, you assign your users roles so that they can perform specific tasks with VMware Live Recovery.

Each role has a specific set of operations associated with it, so when a user is assigned a role, the user can perform all operations associated with that role.

Initially, you need to assign at least one user the VMware Cloud Organization Owner, which gives full administrative access to all resources in the Organization. Organization Owner users can do such things as invite users, grant user roles and permissions, configure API tokens, and even self-assign roles to themselves.

You must also grant your Organization Owner user these two VMware Cloud on AWS roles:
  • Administrator, which provides full cloud administrator rights to all VMware Cloud on AWS features.
  • NSX Cloud Admin, which allows a user to perform tasks related to deployment and administration of the NSX service.
For VMware Live Recovery, there are two types of service roles you can grant users:
  • Administrative roles, which allow you to deploy both VMware Live Cyber Recovery and VMware Live Site Recovery and create subscriptions.
  • End user roles, which allow users to perform operations with VMware Live Cyber Recovery. Using VMware Live Site Recovery does not require any roles at this time. But the Global Console Admin role is needed to connect two paired VMware Live Site Recovery on-premises sites with VMware Live Recovery.

VMware Live Recovery Administrative Roles

The following table describes all roles and operations related to deploying VMware Live Cyber Recovery, connecting two paired VMware Live Site Recovery on-premises sites with VMware Live Recovery, and creating and managing subscriptions within the Global Console.
Role/Capability Global Console Admin Deployment Admin (activation) Deployment Admin (deactivation) Subscription Admin

Can complete cloud pairing between to sites (VMware Live Site Recovery)

 Check mark icon.

Can convert to cloud licensing (VMware Live Site Recovery)

 Check mark icon.
Can create, update, remove offline license for VMware Live Site Recovery Check mark icon.
Can authorize creation of OAuth apps to authorize VMware Live Cyber Recovery to access VMware Cloud Services and VMware Cloud on AWS. Check mark icon. Organization owner role also required.

View existing deployments and their metadata.

 Check mark icon. Check mark icon. Check mark icon.

Create a new VMware Live Cyber Recovery deployment in any of the supported regions.

 Check mark icon. Check mark icon.

Delete a partial/failed deployment.

 Check mark icon. Check mark icon.

Delete any of the existing deployments in any of the regions.

 Check mark icon.

View term subscriptions and pricing

 Check mark icon. Check mark icon.

Create new subscriptions

 Check mark icon. Check mark icon.

VMware Live Recovery End User Roles

For a full list of end user roles and permissions for using VMware Live Cyber Recovery, see VMware Live Cyber Recovery End User Roles.

Using VMware Live Site Recovery does not require any end user roles at this time. Only the Global Console Admin role is needed to connect two paired VMware Live Site Recovery on-premises sites with VMware Live Recovery.