diff --git a/extra/schema_fill.lua b/extra/schema_fill.lua
index 126b3161aaa75569beb3a877a1924d36f0b4bc25..19ee7a176448ed8b29800899e471a2157a35f018 100644
--- a/extra/schema_fill.lua
+++ b/extra/schema_fill.lua
@@ -62,10 +62,15 @@ _index:insert{_cluster.id, 1, 'uuid', 'tree', 1, 1, 1, 'str'}
 _user:insert{GUEST, ADMIN, 'guest', 'user'}
 _user:insert{ADMIN, ADMIN, 'admin', 'user'}
 _user:insert{PUBLIC, ADMIN, 'public', 'role'}
+RPL_ID = _user:auto_increment{ADMIN, 'replication', 'role'}[1]
 -- grant admin access to the universe
 _priv:insert{1, 1, 'universe', 0, 7}
 -- grant 'public' role access to 'box.schema.user.info' function
 _func:insert{1, 1, 'box.schema.user.info', 1}
 _priv:insert{1, 2, 'function', 1, 4}
+-- replication can read universe
+_priv:insert{1, RPL_ID, 'universe', 0, 1}
+-- replication can append to '_cluster' system space
+_priv:insert{1, RPL_ID, 'space', box.schema.CLUSTER_ID, 2}
 -- grant 'guest' role 'public'
 _priv:insert{1, 0, 'role', 2, 4}
diff --git a/src/box/bootstrap.snap b/src/box/bootstrap.snap
index b05c412abd7caacb3a4f7d12befa761f39e198e8..9756b8a9df93c84cfd3e105a97267cd25cb9520c 100644
Binary files a/src/box/bootstrap.snap and b/src/box/bootstrap.snap differ
diff --git a/src/box/box.cc b/src/box/box.cc
index e7b2c45aff98bf3a9fcefb0a0129dc86d0132c68..20097d52dea2c587bf4c40ac4eb99fef1f26c74d 100644
--- a/src/box/box.cc
+++ b/src/box/box.cc
@@ -305,7 +305,7 @@ boxk(enum iproto_type type, uint32_t space_id, const char *format, ...)
 /**
 * @brief Called when recovery/replication wants to add a new server
 * to cluster.
- * cluster_add_server() is called as a commit trigger on jcluster
+ * cluster_add_server() is called as a commit trigger on cluster
 * space and actually adds the server to the cluster.
 * @param server_uuid
 */
diff --git a/test/box/access.result b/test/box/access.result
index 2e5bf7f9375fd0069ca1e950c410a8968c09b78f..ea88661bcc1c6ab225d4cdf152168ba85a8098f4 100644
--- a/test/box/access.result
+++ b/test/box/access.result
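Review bot: In extra/schema_fill.lua the comment `-- replication can append to '_cluster' system space` understates the last added grant: privilege `2` is the ordinary write bit (access.result shows `[1, 4, 'universe', 0, 2]` after `grant('user', 'write', 'universe')`), so a holder of the role can presumably also replace or delete `_cluster` rows, not only append. The `'universe', 0, 1` row gives the role read access to every space, which includes `_user` and the `chap-sha1` values stored there. Both grants are probably what a joining replica needs, but the comments should state the real scope, e.g. `-- replication: write (not append-only) on '_cluster'` and `-- replication: read on the whole universe, including _user auth data`. The regenerated bootstrap.snap is binary in this diff, so the two new `_priv` rows in test/box/bootstrap.result are the only visible check that it matches this script.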
@@ -82,7 +82,7 @@ end; ... usermax(); --- -- error: User 'user29' is not found +- error: User 'user28' is not found ... --# setopt delimiter '' box.schema.user.create('rich') @@ -122,7 +122,7 @@ box.schema.user.revoke('rich', 'public') ... box.space['_user']:delete{uid} --- -- [4, 1, 'rich', 'user', []] +- [5, 1, 'rich', 'user', []] ... box.schema.user.drop('test') --- @@ -318,7 +318,7 @@ box.schema.user.create('user1') ... box.space._user.index.name:select{'user1'} --- -- - [3, 1, 'user1', 'user', []] +- - [4, 1, 'user1', 'user', []] ... session.su('user1') --- @@ -331,7 +331,7 @@ session.su('admin') ... box.space._user.index.name:select{'user1'} --- -- - [3, 1, 'user1', 'user', {'chap-sha1': 'CRO/LiziDOIb+xlhrxJNSSBFjl8='}] +- - [4, 1, 'user1', 'user', {'chap-sha1': 'CRO/LiziDOIb+xlhrxJNSSBFjl8='}] ... box.schema.user.drop('user1') --- @@ -355,8 +355,8 @@ box.schema.user.grant('user', 'read,write', 'universe') ... box.space._priv:select{id} --- -- - [1, 3, 'role', 2, 4] - - [1, 3, 'universe', 0, 3] +- - [1, 4, 'role', 2, 4] + - [1, 4, 'universe', 0, 3] ... box.schema.user.grant('user', 'read', 'universe') --- 
@@ -364,39 +364,39 @@ box.schema.user.grant('user', 'read', 'universe') ... box.space._priv:select{id} --- -- - [1, 3, 'role', 2, 4] - - [1, 3, 'universe', 0, 3] +- - [1, 4, 'role', 2, 4] + - [1, 4, 'universe', 0, 3] ... box.schema.user.revoke('user', 'write', 'universe') --- ... box.space._priv:select{id} --- -- - [1, 3, 'role', 2, 4] - - [1, 3, 'universe', 0, 1] +- - [1, 4, 'role', 2, 4] + - [1, 4, 'universe', 0, 1] ... box.schema.user.revoke('user', 'read', 'universe') --- ... box.space._priv:select{id} --- -- - [1, 3, 'role', 2, 4] +- - [1, 4, 'role', 2, 4] ... box.schema.user.grant('user', 'write', 'universe') --- ... box.space._priv:select{id} --- -- - [1, 3, 'role', 2, 4] - - [1, 3, 'universe', 0, 2] +- - [1, 4, 'role', 2, 4] + - [1, 4, 'universe', 0, 2] ... box.schema.user.grant('user', 'read', 'universe') --- ... box.space._priv:select{id} --- -- - [1, 3, 'role', 2, 4] - - [1, 3, 'universe', 0, 3] +- - [1, 4, 'role', 2, 4] + - [1, 4, 'universe', 0, 3] ... box.schema.user.drop('user') --- diff --git a/test/box/access_bin.result b/test/box/access_bin.result index ce7c81545643f3b3ed1c89ef028e70c947e70657..9dd70ba901d12eb27a64b7cc9b2684ae788232db 100644 --- a/test/box/access_bin.result +++ b/test/box/access_bin.result @@ -170,7 +170,7 @@ box.schema.user.drop('test') ... c.space.test:insert{1} --- -- error: User '3' is not found +- error: User '4' is not found ... c:close() --- diff --git a/test/box/access_misc.result b/test/box/access_misc.result index b181cbba871c254d16255276042565abb065330f..381969b514cb20c01a72d50d3131108c39cd68af 100644 --- a/test/box/access_misc.result +++ b/test/box/access_misc.result @@ -320,6 +320,9 @@ s:drop() box.schema.user.create('testuser') --- ... +maxuid = box.space._user.index.primary:max()[1] +--- +... box.schema.user.grant('testuser', 'write', 'space', '_user') --- ... 
@@ -337,12 +340,12 @@ box.space._user:select(1) --- - error: Read access denied for user 'testuser' to space '_user' ... -uid = box.space._user:insert{4, session.uid(), 'someone', 'user'}[1] +uid = box.space._user:insert{maxuid+1, session.uid(), 'someone', 'user'}[1] --- ... -box.space._user:delete(4) +box.space._user:delete(uid) --- -- [4, 3, 'someone', 'user'] +- [5, 4, 'someone', 'user'] ... session.su('admin') --- @@ -375,7 +378,7 @@ box.space._user:select(1) --- - - [1, 1, 'admin', 'user'] ... -box.space._user:insert{4,session.uid(),'someone2', 'user'} +box.space._user:insert{uid, session.uid(), 'someone2', 'user'} --- - error: Write access denied for user 'testuser' to space '_user' ... @@ -570,6 +573,7 @@ box.space._user:select() - - [0, 1, 'guest', 'user'] - [1, 1, 'admin', 'user'] - [2, 1, 'public', 'role'] + - [3, 1, 'replication', 'role'] ... box.space._space:select() --- diff --git a/test/box/access_misc.test.lua b/test/box/access_misc.test.lua index afe6d7be4ba750ce9f5a5afbe5e17063a5c1281f..e453d79acf7e82f812b505f0db5bf691eaa6967a 100644 --- a/test/box/access_misc.test.lua +++ b/test/box/access_misc.test.lua @@ -134,14 +134,15 @@ s:drop() -- Check write grant on _user -- box.schema.user.create('testuser') +maxuid = box.space._user.index.primary:max()[1] box.schema.user.grant('testuser', 'write', 'space', '_user') session.su('testuser') testuser_uid = session.uid() box.space._user:delete(2) box.space._user:select(1) -uid = box.space._user:insert{4, session.uid(), 'someone', 'user'}[1] -box.space._user:delete(4) +uid = box.space._user:insert{maxuid+1, session.uid(), 'someone', 'user'}[1] +box.space._user:delete(uid) session.su('admin') box.space._user:select(1) 
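Review bot: In test/access_misc.test.lua, `maxuid` is read once, right after `box.schema.user.create('testuser')`, and both `insert{maxuid+1, ...}` here and `insert{uid, ...}` in the following hunk rely on no other user or role being created in between. A one-line comment above the assignment would make the intent explicit, e.g. `-- take the first free id instead of a literal, so new built-in users/roles do not shift it`. The expected outputs in access.result and access_bin.result still pin literal ids (`'user28'`, `[5, 1, 'rich', 'user', []]`, `User '4' is not found`), so the next built-in account will need the same renumbering there.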
@@ -154,7 +155,7 @@ box.schema.user.grant('testuser', 'read', 'space', '_user') session.su('testuser') box.space._user:delete(2) box.space._user:select(1) -box.space._user:insert{4,session.uid(),'someone2', 'user'} +box.space._user:insert{uid, session.uid(), 'someone2', 'user'} session.su('admin') -- diff --git a/test/box/bootstrap.result b/test/box/bootstrap.result index d42ed4f1823a39acc9b6088e2caf080b5a1b13ee..9c96110c22245394cd347a0caefc4160a08a6d17 100644 --- a/test/box/bootstrap.result +++ b/test/box/bootstrap.result @@ -80,6 +80,7 @@ box.space._user:select{} - - [0, 1, 'guest', 'user'] - [1, 1, 'admin', 'user'] - [2, 1, 'public', 'role'] + - [3, 1, 'replication', 'role'] ... box.space._func:select{} --- @@ -90,4 +91,6 @@ box.space._priv:select{} - - [1, 0, 'role', 2, 4] - [1, 1, 'universe', 0, 7] - [1, 2, 'function', 1, 4] + - [1, 3, 'space', 320, 2] + - [1, 3, 'universe', 0, 1] ... diff --git a/test/replication/cluster.result b/test/replication/cluster.result index fc11db893f4e0c4a83194d7f10c6c14978ee663b..520f03d4ea42fee624cab79f1a88296757456c82 100644 --- a/test/replication/cluster.result +++ b/test/replication/cluster.result @@ -32,7 +32,7 @@ box.space._cluster:replace{1, require('uuid').NULL:str()} ------------------------------------------------------------- gh-527: update vclock on delete from box.space._cluster ------------------------------------------------------------- -box.schema.user.grant('guest', 'read,write,execute', 'universe') +box.schema.user.grant('guest', 'replication') --- ... box.space._schema:insert{"test", 48} @@ -131,6 +131,6 @@ box.info.vclock[11] --- - 0 ... -box.schema.user.revoke('guest', 'read,write,execute', 'universe') +box.schema.user.revoke('guest', 'replication') --- ... diff --git a/test/replication/cluster.test.py b/test/replication/cluster.test.py index 5beec7a8e80cfecfa15e353f476f0a93cf6eeed4..11ef2c1a4c7ada947c0c4c148151b762ff3ee775 100644 --- a/test/replication/cluster.test.py +++ b/test/replication/cluster.test.py 
@@ -47,7 +47,7 @@ print '-------------------------------------------------------------' master = server master_id = master.get_param('server')['id'] -master.admin("box.schema.user.grant('guest', 'read,write,execute', 'universe')") +master.admin("box.schema.user.grant('guest', 'replication')") replica = TarantoolServer(server.ini) replica.script = 'replication/replica.lua' @@ -98,4 +98,4 @@ replica.admin('box.info.vclock[%d]' % replica_id3) # Cleanup sys.stdout.pop_filter() -master.admin("box.schema.user.revoke('guest', 'read,write,execute', 'universe')") +master.admin("box.schema.user.revoke('guest', 'replication')") diff --git a/test/replication/consistent.test.lua b/test/replication/consistent.test.lua index 06c18ac135729d3f25889ae76cedfa1beac83d2a..a921afba79cd2d7047f2a9e05b6300621a1c66ba 100644 --- a/test/replication/consistent.test.lua +++ b/test/replication/consistent.test.lua @@ -1,7 +1,7 @@ --# create server replica with rpl_master=default, script='replication/replica.lua' --# start server replica --# set connection default -box.schema.user.grant('guest', 'read,write,execute', 'universe') +box.schema.user.grant('guest', 'replication') -- Wait until the grant reaches the replica --# set connection replica while box.space['_priv']:len() < 1 do box.fiber.sleep(0.01) end @@ -172,4 +172,4 @@ box.space[0]:insert{0, 'replica is RO'} --# cleanup server replica --# set connection default box.space[0]:drop() -box.schema.user.revoke('guest', 'read,write,execute', 'universe') +box.schema.user.revoke('guest', 'replication') diff --git a/test/replication/hot_standby.result b/test/replication/hot_standby.result index 571613664c3a67514da4212971c4ad7dda26e4e3..a864e40da0a4be20d280051b86f6ee9d8fff510f 100644 --- a/test/replication/hot_standby.result +++ b/test/replication/hot_standby.result 
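Review bot: In test/replication/cluster.test.py the role is granted to `guest` in `master.admin("box.schema.user.grant('guest', 'replication')")`, so for the duration of the test an unauthenticated connection to the master gets read on the whole universe and write on `_cluster`. This is narrower than the old `read,write,execute` grant, but nothing marks it as a test-only shortcut. Suggest a comment above the grant such as `# test only: let the replica join as guest; a real deployment should grant 'replication' to a dedicated authenticated user`. The same applies to consistent.test.lua, hot_standby.test.lua, init_storage.test.py and readonly.test.py. For the last three no matching `revoke` hunk appears in this diff, though the rest of those files is outside the hunks, so whether they clean up cannot be confirmed from here.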
@@ -1,5 +1,5 @@ --# set connection default -box.schema.user.grant('guest', 'read,write,execute', 'universe') +box.schema.user.grant('guest', 'replication') --- ... --# create server hot_standby with script='replication/hot_standby.lua', rpl_master=default diff --git a/test/replication/hot_standby.test.lua b/test/replication/hot_standby.test.lua index 655c22652705daf4d5688793466692fa2af3b9b6..d296e1726bc7ac7828aca5ee525f1ab80a7b981c 100644 --- a/test/replication/hot_standby.test.lua +++ b/test/replication/hot_standby.test.lua @@ -1,5 +1,5 @@ --# set connection default -box.schema.user.grant('guest', 'read,write,execute', 'universe') +box.schema.user.grant('guest', 'replication') --# create server hot_standby with script='replication/hot_standby.lua', rpl_master=default --# create server replica with rpl_master=default, script='replication/replica.lua' --# start server hot_standby diff --git a/test/replication/init_storage.result b/test/replication/init_storage.result index a013177fbbf7d1dbe653ab71d39beda3d674174b..f2d992e897a6662ebb781e84703407125904dd22 100644 --- a/test/replication/init_storage.result +++ b/test/replication/init_storage.result @@ -1,4 +1,4 @@ -box.schema.user.grant('guest', 'read,write,execute', 'universe') +box.schema.user.grant('guest', 'replication') --- ... space = box.schema.create_space('test', {id = 42}) diff --git a/test/replication/init_storage.test.py b/test/replication/init_storage.test.py index 4f6f78a6d0904c434d8f6b3d15b41c3e1a9a7097..d17f7cbf3f31d2d3f53fa88ea51c12f56662daba 100644 --- a/test/replication/init_storage.test.py +++ b/test/replication/init_storage.test.py 
@@ -6,7 +6,7 @@ from lib.tarantool_server import TarantoolServer master = server master_id = master.get_param('server')['id'] -master.admin("box.schema.user.grant('guest', 'read,write,execute', 'universe')") +master.admin("box.schema.user.grant('guest', 'replication')") master.admin("space = box.schema.create_space('test', {id = 42})") master.admin("index = space:create_index('primary', { type = 'tree'})") diff --git a/test/replication/readonly.result b/test/replication/readonly.result index 9a3b22b210fa4119b55ef7fd00086806a7e14693..f6d59d4e1250751a60a645a02ead31919475dadc 100644 --- a/test/replication/readonly.result +++ b/test/replication/readonly.result @@ -1,4 +1,4 @@ -box.schema.user.grant('guest', 'read,write,execute', 'universe') +box.schema.user.grant('guest', 'replication') --- ... box.info.server.id diff --git a/test/replication/readonly.test.py b/test/replication/readonly.test.py index 24789c51a77e804d1b4b369e189a7d2e7bc5251c..deb323536d130173e5021d531d5eb3108e3ca253 100644 --- a/test/replication/readonly.test.py +++ b/test/replication/readonly.test.py @@ -6,7 +6,7 @@ from lib.tarantool_server import TarantoolServer master = server master_id = master.get_param('server')['id'] -master.admin("box.schema.user.grant('guest', 'read,write,execute', 'universe')") +master.admin("box.schema.user.grant('guest', 'replication')") replica = TarantoolServer(server.ini) replica.script = 'replication/replica.lua'