The predefined administrator roles combine all of the individual privileges required to perform common administration tasks. You cannot modify the predefined roles.
The following table describes the predefined roles and indicates whether a role can be applied to an access group.
Role | User Capabilities | Applies to an Access Group |
---|---|---|
Administrators | Perform all administrator operations, including creating additional administrator users and groups. In a Cloud Pod Architecture environment, administrators that have this role can configure and manage a pod federation and manage remote pod sessions. Administrators that have the Administrators role on the root access group are super users because they have full access to all of the inventory objects in the system. Because the Administrators role contains all privileges, you should assign it to a limited set of users. Initially, members of the local Administrators group on your Connection Server host are given this role on the root access group.
Important: An administrator must have the Administrators role on the root access group to perform the following tasks:
|
Yes |
Administrators (Read only) |
In a Cloud Pod Architecture environment, administrators that have this role can view inventory objects and settings in the Global Data Layer. When administrators have this role on an access group, they can only view the inventory objects in that access group. |
Yes |
Agent Registration Administrators | Register unmanaged machines such as physical systems, standalone virtual machines, and RDS hosts. | No |
Global Configuration and Policy Administrators | View and modify global policies and configuration settings except for administrator roles and permissions. | No |
Global Configuration and Policy Administrators (Read only) | View, but not modify, global policies and configuration settings except for administrator roles and permissions. | No |
Help Desk Administrators | Perform desktop and application actions such as shutdown, reset, restart, and perform remote assistance actions such as end processes for a user's desktop or application. An administrator must have permissions on the root access group to access Horizon Help Desk Tool.
|
No |
Help Desk Administrators (Read Only) | View user and session information, and drill down on session details. An administrator must have permissions on the root access group to access Horizon Help Desk Tool.
|
No |
Inventory Administrators |
When administrators have this role on an access group, they can only perform these operations on the inventory objects in that access group. Administrators with this role cannot create a manual farm or an unmanaged manual pool or add or remove RDS hosts to the farm or unmanaged manual pool. |
Yes |
Inventory Administrators (Read only) | View, but not modify, inventory objects. When administrators have this role on an access group, they can only view the inventory objects in that access group. |
Yes |
Local Administrators | Perform all local administrator operations, except for creating additional administrator users and groups. In a Cloud Pod Architecture environment, administrators that have this role cannot perform operations on the Global Data Layer or manage sessions on remote pods.
Note: An administrator with the Local Administrators role cannot access
Horizon Help Desk Tool. Administrators in a non-CPA environment do not have the Manage Global Sessions privilege, which is required to perform tasks in
Horizon Help Desk Tool.
|
Yes |
Local Administrators (Read Only) | Same as the Administrators (Read Only) role, except for viewing inventory objects and settings in the Global Data Layer. Administrators that have this role have read-only rights only on the local pod.
Note: An administrator with the Local Administrators (Read Only) role cannot access
Horizon Help Desk Tool. Administrators in a non-CPA environment do not have the Manage Global Sessions privilege, which is required to perform tasks in
Horizon Help Desk Tool.
|
Yes |