Global privileges control system-wide operations, such as viewing and changing global settings. Roles that contain only global privileges cannot be applied to access groups. In a Cloud Pod Architecture environment, roles that contain only global privileges also cannot be applied to federation access groups.
The following table describes the global privileges and lists the predefined roles that contain each privilege.
Privilege | User Capabilities | Predefined Roles |
---|---|---|
Collect Operation Logs | Collect operation logs for pools, farms, or Connection Server. | |
Console Interaction | Log in to and use Horizon Console.
Note: VMware Horizon adds the
Console Interaction privilege to new roles automatically. This privilege does not appear in the list of global privileges in
Horizon Console.
|
Administrators Administrators (Read only) Inventory Administrators Inventory Administrators (Read only) Global Configuration and Policy Administrators Global Configuration and Policy Administrators (Read only) Helpdesk Administrators Helpdesk Administrators (Read Only) Local Administrators Local Administrators (Read Only) |
Direct Interaction | Run all PowerShell commands and command line utilities, except for vdmadmin and vdmimport. Administrators must have the Administrators role on the root access group to use the vdmadmin, vdmimport, and lmvutil commands.
Note: VMware Horizon adds the
Direct Interaction privilege to new roles automatically. This privilege does not appear in the list of global privileges in
Horizon Console.
|
Administrators Administrators (Read only) |
Manage Access Groups | Add and remove access groups and, in a Cloud Pod Architecture environment, federation access groups. | Administrators Local Administrators |
Manage Global Configuration and Policies | View and modify global policies and configuration settings except for administrator roles and permissions. | Administrators Global Configuration and Policy Administrators |
Manage Roles and Permissions | Create, modify, and delete administrator roles and permissions. | Administrators |
Register Agent | Install Horizon Agent on unmanaged machines, such as physical systems, standalone virtual machines, and RDS hosts. During Horizon Agent installation, you must provide your administrator login credentials to register the unmanaged machine with the Connection Server instance. |
Administrators Agent Registration Administrators |
Manage vCenter Configuration (Read only) | Read only access to the vCenter Server configuration. | Administrators Administrators (Read only) Inventory Administrators Inventory Administrators (Read only) Local Administrators Local Administrators (Read Only) |