Firstly, sorry for the lengthy post.
I am currently in the process of configuring replication from a few of our branch sites to a single DR VMware environment. It is working well, except that I have had to configure the replication job at each branch site with full administrator privileges to the DR VMware vCenter environment.
Unfortunately due to our company policy, I cannot leave the Veeam console at a branch site with full administrator rights to the remote DR vCenter server. (The main issue being that if the network admin at the branch site connects to the local Veeam server, he can easily access the remote DR infrastructure and see all virtual machines and data for all other branches.)
In speaking to Veeam support, they sent through a document to assist me (granular_permissions_v6), but have since advised replication is no longer supported with anything other than full admin rights on the destination. I can't give full admin rights to the branches, and I simply can't setup an individual VMware environment for each branch to replicate to.

I have gone through the process of trying to restrict the permissions on the Veeam service account, but the replication is failing on:
Although, I can browse the destination datastore through Veeam and create folders with no issue.Datastore 'datastore-414' was not found (System.Exception)
Below is an overview of permissions I have applied to the Veeam account at the replication site. If anyone has any ideas, they would be greatly appreciated.
Cheers,
Josh
vCenter Role and Permission Configuration
Three roles have been created with the following names:
• DR_MainRole
• DR _cluster
• DR _host
Permission level for DR_MainRole:
Datastore
• Allocate Space
• Browse Datastore
• Configure datastore
• Low level file operations
• Move datastore
• Remove datastore
• Remove File
• Rename datastore
• Update virtual machine files
Global
• Log Event
Network
• Assign network
• Configure
• Move network
• Remove
Resource
• Assign virtual machine to resource pool
Schedule task
• Create tasks
• Modify task
• Run task
Tasks
• Create task
• Update task
Virtual machine
• Configuration (all)
• Guest Operations (all)
• Interaction (all)
• Inventory (all)
• Provisioning (all)
• Replication (all)
• State (all)
Permission level for DR_cluster:
Resource
• Assign virtual machine to resource pool
Permission level for DR_host:
Resource
• Assign virtual machine to resource pool
vCenter Role Assignment
As these steps are completed to assign role based permissions on vCenter inventory, the Active Directory Security Group “DR_branchname_group” created in this document should be used as the object of these permissions.
Apply the AD security group to this role against vCenter inventory objects:
