Global privileges control system-wide operations, such as viewing and changing global settings. Roles that contain only global privileges cannot be applied to access groups.
The following table describes the global privileges and lists the predefined roles that contain each privilege.
| Privilege | User Capabilities | Predefined Roles |
|---|---|---|
| Console Interaction | Log in to and use Horizon Console. T
Note: VMware Horizon adds the
Console Interaction privilege to new roles automatically. This privilege does not appear in the list of global privileges in
Horizon Console.
|
Administrators Administrators (Read only) Inventory Administrators Inventory Administrators (Read only) Global Configuration and Policy Administrators Global Configuration and Policy Administrators (Read only) Helpdesk Administrators Helpdesk Administrators (Read Only) Local Administrators Local Administrators (Read Only) |
| Direct Interaction | Run all PowerShell commands and command line utilities, except for vdmadmin and vdmimport. Administrators must have the Administrators role on the root access group to use the vdmadmin, vdmimport, and lmvutil commands.
Note: VMware Horizon adds the
Direct Interaction privilege to new roles automatically. This privilege does not appear in the list of global privileges in
Horizon Console.
|
Administrators Administrators (Read only) |
| Manage Access Groups | Add and remove access groups. | Administrators Local Administrators |
| Manage Cloud Pod Architecture | Configure and manage a Cloud Pod Architecture environment, including global entitlements, sites, home sites, and pods. | Administrators |
| Manage Global Configuration and Policies | View and modify global policies and configuration settings except for administrator roles and permissions. | Administrators Global Configuration and Policy Administrators |
| Manage Global Sessions | Manage global sessions in a Cloud Pod Architecture environment. | Administrators |
| Manage Roles and Permissions | Create, modify, and delete administrator roles and permissions. | Administrators |
| Register Agent | Install Horizon Agent on unmanaged machines, such as physical systems, standalone virtual machines, and RDS hosts. During Horizon Agent installation, you must provide your administrator login credentials to register the unmanaged machine with the Connection Server instance. |
Administrators Agent Registration Administrators |
| Manage vCenter Configuration (Read only) | Read only access to the vCenter Server configuration. | Administrators Administrators (Read only) Inventory Administrators Inventory Administrators (Read only) Local Administrators Local Administrators (Read Only) |
