You can make a copy of an existing role, rename it, and edit it. When you make a copy, the new role is not applied to any users or groups and objects. You must assign the role to users or groups and objects.

If you create or edit a role on a vCenter Server system that is part of the same vCenter Single Sign-On domain as other vCenter Server systems, the VMware Directory Service (vmdir) propagates the changes that you make to all other vCenter Server systems in the group. Assignments of roles to specific users and objects are not shared across vCenter Server systems.


Verify that you are logged in as a user with Administrator privileges.


  1. Log in to vCenter Server with the vSphere Web Client.
  2. Select Home, click Administration, and click Roles.
  3. Select a role, and click the Clone role action icon.
  4. Type a name for the cloned role.
  5. Select or deselect privileges for the role and click OK.