vSphere Replication includes a set of roles. Each role includes a set of privileges, which enable users with those roles to complete different actions.

For information about how to assign roles, see Assigning Roles in the vSphere Web Client in vSphere Security.

Note:

When assigning permissions with no propagation, make sure that you have at least Read-only permission on all parent objects.

Table 1. vSphere Replication Roles

Role

Actions that this Role Permits

Privileges that this Role Includes

Objects in vCenter Server Inventory that this Role Can Access

VRM replication viewer

  • View replications.

  • Cannot change replication parameters.

VRM remote > View VR

VRM remote > View VRM

VRM datastore mapper > View

Host > vSphere Replication > Manage replication

Virtual machine > vSphere Replication > Monitor replication

vCenter Server root folder with propagation, at source site (outgoing replications) and target site (incoming replications).

Alternatively, vCenter Server root folder without propagation on both sites and virtual machine without propagation on the source site.

VRM virtual machine replication user

  • View replications.

  • Manage datastores.

  • Configure and unconfigure replications.

  • Manage and monitor replications.

Requires a corresponding user with the same role on the target site and additionally vSphere Replication target datastore user role on the target datacenter, or datastore folder or each target datastore.

Datastore > Browse Datastore

VRM remote > View VR

VRM remote > View VRM

VRM datastore mapper > Manage

VRM datastore mapper > View

Host > vSphere Replication > Manage replication

Virtual machine > vSphere Replication > Configure replication

Virtual machine > vSphere Replication > Manage replication

Virtual machine > vSphere Replication > Monitor replication

vCenter Server root folder with propagation on both sites.

Alternatively, vCenter Server root folder without propagation on both sites, virtual machine without propagation on the source site, source datastores without propagation on the source site.

VRM administrator

Incorporates all vSphere Replication privileges.

VRM remote > Manage VR

VRM remote > View VR

VRM remote > Manage VRM

VRM remote > View VRM

VRM datastore mapper > Manage

VRM datastore mapper > View

VRM diagnostics > Manage

VRM session > Terminate

Datastore > Browse datastore

Datastore > Low level file operations

Host > vSphere Replication > Manage replication

Resource > Assign virtual machine to resource pool

Virtual machine > Configuration > Add existing disk

Virtual machine > Configuration > Add or remove device

Virtual machine > Interaction > Power On

Virtual machine > Interaction > Device connection

Virtual machine > Inventory > Register

Virtual machine > vSphere Replication > Configure replication

Virtual machine > vSphere Replication > Manage replication

Virtual machine > vSphere Replication > Monitor replication

vCenter Server root folder with propagation on both sites.

Alternatively, vCenter Server root folder without propagation on both sites, virtual machine without propagation on the source site, target datastore, target virtual machine folder with propagation on the target site, target host or cluster with propagation on the target site.

VRM diagnostics

Generate, retrieve, and delete log bundles.

VRM remote > View VR

VRM remote > View VRM

VRM diagnostics > Manage

vCenter Server root folder on both sites.

VRM target datastore user

Configure and reconfigure replications.

Used on target site in combination with the VRM virtual machine replication user role on both sites.

Datastore > Browse datastore

Datastore > Low level file operations

Datastore objects on target site, or datastore folder with propagation at target site, or target datacenter with propagation.

VRM virtual machine recovery user

Recover virtual machines.

Datastore > Browse datastore

Datastore > Low level file operations

Host > vSphere Replication > Manage replication

Virtual machine > Configuration > Add existing disk

Virtual machine > Configuration > Add or remove device

Virtual machine > Interaction > Power On

Virtual machine > Interaction > Device connection

Virtual machine > Inventory > Register

Resource > Assign virtual machine to resource pool

Secondary vCenter Server root folder with propagation.

Alternatively, secondary vCenter Server root folder without propagation, target datastore without propagation, target virtual machine folder with propagation, target host or cluster with propagation.