A key management task in a Horizon 7 environment is to determine who can use Horizon Administrator and what tasks those users are authorized to perform.

The authorization to perform tasks in Horizon Administrator is governed by an access control system that consists of administrator roles and privileges. A role is a collection of privileges. Privileges grant the ability to perform specific actions, such as entitling a user to a desktop pool or changing a configuration setting. Privileges also control what an administrator can see in Horizon Administrator.

An administrator can create folders to subdivide desktop pools and delegate the administration of specific desktop pools to different administrators in Horizon Administrator. An administrator configures administrator access to the resources in a folder by assigning a role to a user on that folder. Administrators can only access the resources that reside in folders for which they have assigned roles. The role that an administrator has on a folder determines the level of access that the administrator has to the resources in that folder.

Horizon Administrator includes a set of predefined roles. Administrators can also create custom roles by combining selected privileges.