Article number
Affected Versions

FTN-20201101: Zerto Role Based Access Control and VMware vCenter

Viewed 1075 times


Due to the complex variety of deployment scenarios, Zerto is changing the default behavior of checking vCenter role-based privileges for Zerto operations on newly deployed Zerto 8.5 ZVMs to not checking RBAC by default.  Users that depend on vCenter role-based privilege checking for Zerto operations may need to contact Zerto Support before deploying a new Zerto 8.5 ZVM to enable continued role-based checks of vCenter privileges.

Target Audience

Users with Zerto Version 8.5 when using vCenter Role Based Access Control (RBAC) for Zerto operations



Zerto installs the following role-based privileges in vCenter on each new ZVM installation: 

  • Viewer only

  • Failover test

  • Manage VRA

  • Manage VPG

  • Manage Site

  • Manage ZCC

  • Failover live

  • File level restore to production

Prior to Zerto 8.5, Zerto checks the vCenter privileges for each user for privileges to use each operation.  Starting on Zerto 8.5 and onward, Zerto no longer performs these checks on newly deployed ZVMs.

ZVMs that upgrade to Zerto 8.5 are unaffected by this change.

Customers that have assigned Zerto specific roles to their vCenter users have the following options to preserve this functionality on new ZVM installations:

  • Deploy Zerto 8.0 on new ZVM installations until Zerto delivers a new installation option on a future version of Zerto

  • Use the Zerto ZCM for role-based access control of Zerto operations and resources

  • Contact Zerto Support before deploying a new ZVM on Zerto 8.5 to enable checking of vCenter role-based privileges


Actions to take

Zerto recommends checking if vCenter role-based privileges are required for selected Zerto operations before deploying a new ZVM on Zerto 8.5.  If vCenter role-based privileges are required for Zerto operations, then continue using Zerto 8.0 for new ZVM deployments.