VMware Live Site Recovery includes a set of roles. Each role includes a set of privileges, which allow users with those roles to complete different actions.

Roles can have overlapping sets of privileges and actions. For example, the VMware Live Site Recovery Administrator role and the VMware Live Site Recovery Protection Groups Administrator have the Create privilege for protection groups. With this privilege, the user can complete one aspect of the set of tasks that make up the management of protection groups.

Assign roles to users on VMware Live Site Recovery objects consistently on both sites, so that protected and recovery objects have identical permissions.

All users must have at least the System.Read privilege on the root folders of vCenter Server and the VMware Live Site Recovery root nodes on both sites.

Note: If you uninstall VMware Live Site Recovery Server, VMware Live Site Recovery removes the default VMware Live Site Recovery roles but the VMware Live Site Recovery privileges remain. You can still see and assign VMware Live Site Recovery privileges on other roles after uninstalling VMware Live Site Recovery. This is standard vCenter Server behavior. Privileges are not removed when you unregister an extension from vCenter Server.
Table 1. VMware Live Site Recovery Roles
Role Actions that this Role Permits Privileges that this Role Includes Objects in vCenter Server Inventory that this Role Can Access
VMware Live Site Recovery Administrator

The VMware Live Site Recovery Administrator grants permission to perform all VMware Live Site Recovery configuration and administration operations.

  • Configure advanced settings.
  • Configure connections.
  • Configure inventory preferences.
  • Configure placeholder datastores.
  • Configure array managers.
  • Manage protection groups.
  • Manage recovery plans.
  • Run recovery plans.
  • Perform reprotect operations.
  • Configure protection on virtual machines.
  • Edit protection groups.
  • Remove protection groups.
  • View storage policy objects.

The VMware Live Site Recovery Administrator user cannot edit inherited permissions. To restrict the access of a specific user or to grant access to a user, the VMware Live Site Recovery Administrator must add a new role.

Site Recovery Manager.Advanced Settings.Modify

Site Recovery Manager.Array Manager.Configure

Site Recovery Manager.Diagnostics.Export

Site Recovery Manager.Internal.Internal Access

Site Recovery Manager.Inventory Preferences.Modify

Site Recovery Manager.Placeholder Datastores.Configure

Site Recovery Manager.Protection Group.Assign to Plan

Site Recovery Manager.Protection Group.Create

Site Recovery Manager.Protection Group.Modify

Site Recovery Manager.Protection Group.Remove

Site Recovery Manager.Protection Group.Remove from Plan

Site Recovery Manager.Recovery History.Delete History

Site Recovery Manager.Recovery History .View Deleted Plans

Site Recovery Manager.Recovery Plan.Configure commands

Site Recovery Manager.Recovery Plan.Create

Site Recovery Manager.Recovery Plan.Modify

Site Recovery Manager.Recovery Plan.Recovery

Site Recovery Manager.Recovery Plan.Remove

Site Recovery Manager.Recovery Plan.Reprotect

Site Recovery Manager.Recovery Plan.Test

Site Recovery Manager.Remote Site.Modify

Datastore.Replication.Protect

Datastore.Replication.Unprotect.Stop

Resource.Recovery Use

Virtual Machine. SRM Protection.Protect

Virtual Machine. SRM Protection.Stop

Site Recovery Manager.Profile-driven storage.Profile-driven storage view

  • Virtual machines
  • Datastores
  • vCenter Server folders
  • Resource pools
  • VMware Live Site Recovery service instances
  • Networks
  • VMware Live Site Recovery folders
  • Protection groups
  • Recovery plans
  • Array managers
VMware Live Site Recovery Protection Groups Administrator

The VMware Live Site Recovery Protection Groups Administrator role allows users to manage protection groups.

  • Create protection groups.
  • Modify protection groups.
  • Add virtual machines to protection groups.
  • Delete protection groups.
  • Configure protection on virtual machines.
  • Remove protection from virtual machines.

Users with this role cannot perform or test recoveries or create or modify recovery plans.

Site Recovery Manager.Protection Group.Create

Site Recovery Manager.Protection Group.Modify

Site Recovery Manager.Protection Group.Remove

Datastore.Replication.Protect

Datastore.Replication.Unprotect.Stop

Resource.Recovery Use

Virtual Machine. SRM Protection.Protect

Virtual Machine. SRM Protection.Stop

  • VMware Live Site Recovery folders
  • Protection groups
VMware Live Site Recovery Recovery Administrator

The VMware Live Site Recovery Recovery Administrator role allows users to perform recoveries and reprotect operations.

  • Remove protection groups from recovery plans.
  • Test recovery plans.
  • Run recovery plans.
  • Run reprotect operations.
  • Configure custom command steps on virtual machines.
  • View deleted recovery plans.
  • Edit virtual machine recovery properties.

Users with this role cannot configure protection on virtual machines, or create or remove recovery plans.

Site Recovery Manager.Protection Group.Remove from plan

Site Recovery Manager.Recovery Plan.Modify

Site Recovery Manager.Recovery Plan.Test

Site Recovery Manager.Recovery Plan.Recovery

Site Recovery Manager.Recovery Plan.Reprotect

Site Recovery Manager.Recovery Plan.Configure commands

Site Recovery Manager.Recovery History.View deleted plans

  • Protection groups
  • Recovery plans
  • VMware Live Site Recovery service instances
VMware Live Site Recovery Recovery Plans Administrator

The VMware Live Site Recovery Recovery Plans Administrator role allows users to create and test recovery plans.

  • Add protection groups to recovery plans.
  • Remove protection groups from recovery plans.
  • Configure custom command steps on virtual machines.
  • Create recovery plans.
  • Test recovery plans.
  • Cancel recovery plan tests.
  • Edit virtual machine recovery properties.

Users with this role cannot configure protection on virtual machines, or perform recoveries or reprotect operations.

Site Recovery Manager.Protection Group.Assign to plan

Site Recovery Manager.Protection Group.Remove from plan

Site Recovery Manager.Recovery Plan.Configure Commands

Site Recovery Manager.Recovery Plan.Create

Site Recovery Manager.Recovery Plan.Modify

Site Recovery Manager.Recovery Plan.Remove

Site Recovery Manager.Recovery Plan.Test

Resource.Recovery Use

  • Protection groups
  • Recovery plans
  • vCenter Server folders
  • Datastores
  • Resource pools
  • Networks
VMware Live Site Recovery Test Administrator

The VMware Live Site Recovery Test Administrator role only allows users to test recovery plans.

  • Test recovery plans.
  • Cancel recovery plan tests.
  • Edit virtual machine recovery properties.

Users with this role cannot configure protection on virtual machines, create protection groups or recovery plans, or perform recoveries or reprotect operations.

Site Recovery Manager.Recovery Plan.Modify

Site Recovery Manager.Recovery Plan.Test

  • Recovery plans
VMware Live Site Recovery Remote User The VMware Live Site Recovery Remote User role grants users the minimum set of privileges needed for cross site VMware Live Site Recovery operations.

Datastore.Browse datastore

Datastore.Low level file operations

Datastore.Update virtual machine files

Datastore.Update virtual machine metadata

Host.vSphere Replication.Manage replication

Virtual Machine.Snapshot management.Remove snapshot

Virtual Machine.vSphere Replication.Configure replication

Virtual Machine.vSphere Replication.Manage replication

Virtual Machine.vSphere Replication.Monitor replication

  • Virtual machines
  • Datastores