vSphere Replication includes a set of roles. Each role includes a set of privileges, which enable users with those roles to complete different actions.

For information about how to assign roles, see Assigning Roles in the vSphere Web Client in vSphere Security.

Note

When assigning permissions with no propagation, make sure that you have at least Read-only permission on all parent objects.

vSphere Replication Roles

Role

Privilege

Action

Target Object in vCenter Server Inventory

VRM replication viewer

VRM remote.View VR

VRM remote.View VRM

VRM datastore mapper.View

Host.Replication.Manage replication

Virtual machine .Replication.Monitor replication

View replications.

Cannot change replication parameters.

vCenter Server root folder with propagation, at primary site (outgoing replications) and secondary site (incoming replications).

Alternatively, vCenter Server root folder without propagation on both sites and virtual machine without propagation on the primary site.

VRM virtual machine replication user

VRM remote.View VR

VRM remote.View VRM

VRM datastore mapper.Manage

VRM datastore mapper.View

Host.Replication.Manage replication

Virtual machine.Replication.Configure replication

Virtual machine.Replication.Manage replication

Virtual machine.Replication.Monitor replication

View replications.

Manage datastores.

Configure and unconfigure replications.

Manage and monitor replications.

Requires a corresponding user with the same role on the secondary site and additionally vSphere Replication target datastore user role on both source and target datacenters, or source and target datastore folders or on each source or target datastore.

vCenter Server root folder with propagation on both sites.

Alternatively, vCenter Server root folder without propagation on both sites and virtual machine without propagation on the primary site.

VRM administrator

VRM remote.Manage VR

VRM remote.View VR

VRM remote.Manage VRM

VRM remote.View VRM

VRM datastore mapper.Manage

VRM datastore mapper.View

VRM diagnostics .Manage

VRM session .Terminate

Datastore.Browse datastore

Datastore.Low level file operations

Host.Replication.Manage replication

Resource.Assign virtual machine to resource pool

Virtual machine.Configuration.Add existing disk

Virtual machine.Configuration.Add or remove device

Virtual machine.Interaction.Power On

Virtual machine.Interaction.Device connection

Virtual machine.Inventory.Register

Virtual machine.Replication.Configure replication

Virtual machine.Replication.Manage replication

Virtual machine.Replication.Monitor replication

Incorporates all vSphere Replication privileges.

vCenter Server root folder with propagation on both sites.

Alternatively, vCenter Server root folder without propagation on both sites, virtual machine without propagation on the primary site, target datastore, target virtual machine folder with propagation on the secondary site, target host or cluster with propagation on the secondary site.

VRM diagnostics

VRM remote.View VR

VRM remote.View VRM

VRM diagnostics .Manage

Generate, retrieve, and delete log bundles.

vCenter Server root folder on both sites.

VRM target datastore user

Datastore.Browse datastore

Datastore.Low level file operations

Configure and reconfigure replications.

Used on both sites in combination with the VRM virtual machine replication user role on both sites.

Source and target datastore objects, or datastore folder with propagation, or source and target datacenters with propagation.

VRM virtual machine recovery user

Datastore.Browse datastore

Datastore.Low level file operations

Host.Replication.Manage replication

Virtual machine.Configuration.Add existing disk

Virtual machine.Configuration.Add or remove device

Virtual machine.Interaction.Power On

Virtual machine.Interaction.Device connection

Virtual machine.Inventory.Register

Resource.Assign virtual machine to resource pool

Recover virtual machines.

Secondary vCenter Server root folder with propagation.

Alternatively, secondary vCenter Server root folder without propagation, target datastore, target virtual machine without propagation, target virtual machine folder with propagation, target host or cluster with propagation.