Since vSphere Replication features multisite and cross-vCenter replication capabilities VMware introduced new roles to meet strict security requirements of a deployment scenario with multiple vCenter servers.
New roles are added into vCenter as vSphere Replication Appliance deployment is completed.
These roles will be assigned to specific users and/or groups who will specifically deal with vSphere Replication.
Roles are pre-built to allow users to perform just certain specific tasks they are permitted to. These tasks are such as recovering replicated VMs or viewing replication status with no further permissions.
The following Roles are added:
VRM Replication Viewer:
Cannot change replication parameters
VRM Virtual Machine Replication User:
Configure and unconfigure replications
Manage and monitor replications
Incorporates all vSphere Replication privileges
Generate, retrieve, and delete log bundles
VRM Target Datastore User:
Configure and reconfigure replications
Used on target site in combination with the VRM virtual machine replication user role on both sites
VRM Virtual Machine Recovery User:
Recover virtual machines
For any further information regarding these roles refer to vSphere Replication Roles Reference.
To assign to a certain user/group vSphere Replication roles have a look at my previous article: Users, Groups and Roles management in vSphere 5.5.
Other blog posts in vSphere Replication Series:
vSphere Replication Part 1 - Introduction
vSphere Replication Part 2 - Installation
vSphere Replication Part 3 - Roles & Permissions
vSphere Replication Part 4 - Configuration
vSphere Replication Part 5 - Enable Replication
vSphere Replication Part 6 - Perform Recovery
vSphere Replication Part 7 - Provision additional Replication Servers