An administrator must have certain privileges to perform general administration tasks and run command line utilities.

The following table shows the privileges that are required to perform general administration tasks and run command line utilities.

Table 1. Privileges for General Administration Tasks and Commands
| Task | Required Privileges |
| --- | --- |
| Add or delete an access group | Must have the Local Administrators role or Administrators role on the root access group for deleting an access group. Must have the Inventory Administrators or Local Administrators or Administrators role on the root access group. |
| Manage ThinApp applications and settings in Horizon Administrator | Must have the Administrators role on the root access group. |
| Install Horizon Agent on an unmanaged machine, such as a physical system, standalone virtual machine, or RDS host | Register Agent |
| View or modify configuration settings (except for administrators) in Horizon Administrator | Manage Global Configuration and Policies |
| Run all PowerShell commands and command line utilities except for vdmadmin and vdmimport. | Direct Interaction. Note: Starting in Horizon 7 version 7.10, the Direct Interaction privilege is automatically added to new roles and is not visible in the list of privileges in Horizon Console. |
| Use the vdmadmin and vdmimport commands | Must have the Administrators role on the root access group. |
| Use the vdmexport command | Must have the Administrators role or the Administrators (Read only) role on the root access group. |
| Read only access to vCenter Server configuration. | Manage vCenter Configuration (Read only) |