You can create Horizon Cloud administrative users and assign them roles. The roles provide the administrative users specified permissions to the Horizon Universal Console, such as to view specific information or to take specific actions.

Administrative Roles for the Horizon Universal Console

Each role gives create, read, update, and delete permissions to the specified area, and read permissions only to everything else.

Roles Area of Permissions
Administrator Access to entire UI and API.
Read-Only Administrator Read-only access to UI and API
Pool Administrator pools and VMs
Deployment Administrator Horizon Edges, Unified Access Gateways, Providers
Pool Group Administrator Pool Groups
Entitlement Administrator Entitlements
Image Administrator Images

Add Horizon Universal Console Users and Assign Roles

To provide administrative users with access rights to the Horizon Universal Console, you use the VMware Cloud Services Console to first assign those users an organization role. You can then assign Horizon Cloud Service roles to those users.

This task requires you to access the Cloud Services Console. You must be an organization owner or an organization administrator to add new users.
Note: For more details about VMware Cloud™ services , see VMware Cloud services Product Documentation. You might see other names for VMware Cloud services in VMware products and documentation, such as "VMware Cloud Services Platform" (CSP) and "VMware Cloud Services Engagement Platform."
A screenshot of the Add New Users functionality in the VMware Cloud Services Console


  1. Log in to the Cloud Services Console.
  2. In the left menu, select Identity & Access Management > Active Users
    Note: The Identity & Access Management node is only available to organization owners and organization administrators.
  3. Select Active Users > Add Users.
  4. In the Users text box, add the email addresses of people you want to assign administrative roles.
  5. Select an organization role for the users you added.
    Organization owners and organization admins can use the Cloud Services Console to add and edit users.
  6. Click Add a Service and, if necessary to choose, select Workspace ONE.
    A screenshot of the Assign Service Roles functionality available in the VMware Cloud Services Console
  7. Click the with roles text box to view the list of available roles and, if desired, select additional roles.
  8. In the next drop-down menu, select with or until, depending on if you want to set the permissions to expire at some point.
  9. In the next field, if applicable, provide an expiration date.
  10. Click Add.


The users you added now have access to the Horizon Universal Console with the permissions you granted them.

Other Actions You Can Perform from the Active Users Page

After you use the Cloud Services Console to add users, you can take several other actions on the Active Users page.

You can perform the following actions, many of which are the same as or similar to the steps for configuring the initial Horizon Availability Monitoring test

Action Description
Search the active-users list. Enter a text string in the Search text box to search the list of active users.
View the role-related information of a selected active user. Click the double arrow next to an active user's name to display the following information.
  • That user's organization role, such as Organization Admin, Organization Owner, and Organization Member.
  • That user's services, such as the Horizon Cloud Service, and the users assigned roles for that service, such as Image Administrator and Inventory Administrator.
Edit a user's role. Select a user and click Edit Roles.

Editing roles is very similar to the procedure of adding roles, previously described.

Remove users. Select one or more users and click Remove Users.