Global privileges control system-wide operations, such as viewing and changing global settings. Roles that contain only global privileges cannot be applied to access groups. In a Cloud Pod Architecture environment, roles that contain only global privileges also cannot be applied to federation access groups.

The following table describes the global privileges and lists the predefined roles that contain each privilege.

Table 1. Global Privileges
Privilege User Capabilities Predefined Roles
Collect Operation Logs Collect operation logs for pools, farms, or Connection Server.
Console Interaction Log in to and use Horizon Console.
Note: VMware Horizon adds the Console Interaction privilege to new roles automatically. This privilege does not appear in the list of global privileges in Horizon Console.

Administrators

Administrators (Read only)

Inventory Administrators

Inventory Administrators (Read only)

Global Configuration and Policy Administrators

Global Configuration and Policy Administrators (Read only)

Helpdesk Administrators

Helpdesk Administrators (Read Only)

Local Administrators

Local Administrators (Read Only)

Direct Interaction Run all PowerShell commands and command line utilities, except for vdmadmin and vdmimport.

Administrators must have the Administrators role on the root access group to use the vdmadmin, vdmimport, and lmvutil commands.

Note: VMware Horizon adds the Direct Interaction privilege to new roles automatically. This privilege does not appear in the list of global privileges in Horizon Console.

Administrators

Administrators (Read only)

Manage Access Groups Add and remove access groups and, in a Cloud Pod Architecture environment, federation access groups.

Administrators

Local Administrators

Manage Global Configuration and Policies View and modify global policies and configuration settings except for administrator roles and permissions.

Administrators

Global Configuration and Policy Administrators

Manage Roles and Permissions Create, modify, and delete administrator roles and permissions. Administrators
Register Agent Install Horizon Agent on unmanaged machines, such as physical systems, standalone virtual machines, and RDS hosts.

During Horizon Agent installation, you must provide your administrator login credentials to register the unmanaged machine with the Connection Server instance.

Administrators

Agent Registration Administrators

Manage vCenter Configuration (Read only) Read only access to the vCenter Server configuration.

Administrators

Administrators (Read only)

Inventory Administrators

Inventory Administrators (Read only)

Local Administrators

Local Administrators (Read Only)