diff --git a/ansible/roles_ocp_workloads/ocp4_workload_virt_roadshow_multi_user/tasks/workload.yml b/ansible/roles_ocp_workloads/ocp4_workload_virt_roadshow_multi_user/tasks/workload.yml
index c1139dbcf9d..26d360d1d12 100644
--- a/ansible/roles_ocp_workloads/ocp4_workload_virt_roadshow_multi_user/tasks/workload.yml
+++ b/ansible/roles_ocp_workloads/ocp4_workload_virt_roadshow_multi_user/tasks/workload.yml
@@ -4,9 +4,9 @@
 state: present
 definition: "{{ lookup('file', resource | from_yaml) }}"
 loop:
- - clusterrole-operator-viewer.yaml
- - clusterrolebinding-operator-view.yaml
- - clusterrolebinding-template-view.yaml
+ - clusterrole-operator-viewer.yaml
+ - clusterrolebinding-operator-view.yaml
+ - clusterrolebinding-template-view.yaml
 loop_control:
 loop_var: resource
@@ -15,8 +15,8 @@
 state: present
 definition: "{{ lookup('file', resource | from_yaml) }}"
 loop:
- - rolebinding-openshift-view.yaml
- - rolebinding-openshift-images-os-view.yaml
+ - rolebinding-openshift-view.yaml
+ - rolebinding-openshift-images-os-view.yaml
 loop_control:
 loop_var: resource
@@ -25,12 +25,13 @@
 state: present
 definition: "{{ lookup('template', resource | from_yaml) }}"
 loop:
- - configmap-ui-settings.yaml.j2
- - configmap-user-settings.yaml.j2
- - role-kubevirt-ui-features-reader.yaml.j2
- - role-kubevirt-user-settings-reader.yaml.j2
- - rolebinding-kubevirt-ui-features-reader.yaml.j2
- - rolebinding-kubevirt-user-settings-reader.yaml.j2
+ - configmap-ui-settings.yaml.j2
+ - configmap-user-settings.yaml.j2
+ - role-kubevirt-ui-features-reader.yaml.j2
+ - role-kubevirt-user-settings-reader.yaml.j2
+ - rolebinding-kubevirt-ui-features-reader.yaml.j2
+ - rolebinding-kubevirt-user-settings-reader.yaml.j2
+ - rolebinding-kubevirt-user-migrate.yaml.j2
 loop_control:
 loop_var: resource
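Review bot: In the `definition:` context line of the third hunk (and the same line in the two hunks above it), `from_yaml` binds to `resource`, the file name, not to the lookup result, so the newly listed `rolebinding-kubevirt-user-migrate.yaml.j2` reaches the module as rendered text rather than a parsed mapping. That presumably still works if the module accepts YAML text, but the filter is then a no-op; the likely intent is `definition: "{{ lookup('template', resource) | from_yaml }}"`. The task begins above the hunk, so the module and its other arguments are not visible here.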
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_virt_roadshow_multi_user/templates/rolebinding-kubevirt-user-migrate.yaml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_virt_roadshow_multi_user/templates/rolebinding-kubevirt-user-migrate.yaml.j2
new file mode 100644
index 00000000000..a5c43b7dead
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_virt_roadshow_multi_user/templates/rolebinding-kubevirt-user-migrate.yaml.j2
@@ -0,0 +1,15 @@
+---
+# new in 4.20, users need ClusterRole kubevirt.io:migrate to do Live VM migrations
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: kubevirt-user-migrate
+ namespace: {{ ocp4_workload_virt_roadshow_multi_user_configmap_namespace }}
+subjects:
+- kind: Group
+ apiGroup: rbac.authorization.k8s.io
+ name: 'system:authenticated'
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: 'kubevirt.io:migrate'
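Review bot: The new object is `kind: ClusterRoleBinding` yet sets `metadata.namespace`, which has no effect on a cluster-scoped resource, so `kubevirt.io:migrate` is bound to every member of `system:authenticated` across all namespaces rather than only in the templated one. If workshop users only need to live-migrate VMs in their own projects, a namespaced `kind: RoleBinding` (it can still reference the ClusterRole) per user namespace, or a subject narrower than `system:authenticated`, keeps the grant least-privilege. If the cluster-wide grant is deliberate, drop the `namespace:` line, rename the file away from `rolebinding-…`, and say so in the header comment, e.g. `# cluster-wide on purpose: any authenticated user may live-migrate VMs in any namespace`.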