Object-specific privileges control operations on specific types of inventory objects. Roles that contain object-specific privileges can be applied to access groups. In a Cloud Pod Architecture environment, roles that contain certain object-specific privileges are applicable to federation access groups.
The following table describes the object-specific privileges. The predefined roles Administrators, Local Administrators, Help Desk Administrators, and Inventory Administrators contain these privileges.
|Enable Farms and Desktop Pools||Enable and disable desktop pools.||Desktop pool, application pool, farm|
|Entitle Desktop and Application Pools||Add and remove user entitlements.||Desktop pool, application pool|
|Manage Cloud Pod Architecture||Configure and manage a Cloud Pod Architecture environment, including global entitlements, sites, home sites, and pods.
To manage a Cloud Pod Architecture configuration, an administrator must have this privilege on the root federation access group.
|Desktop pool, application pool, farm, machine, global entitlements|
|Manage Global Sessions||Manage global sessions in a Cloud Pod Architecture environment.||Global sessions|
|Manage Maintenance Operations on Automated Desktops and Farms||Schedule push image, schedule maintenance, and change the default image for a desktop pool and farm.||Desktop pool, farm|
|Manage Machine||Perform all machine and session-related operations.||Machine|
|Manage Farms and Desktop and Application Pools||Add, modify, and delete farms. Add, modify, delete, and entitle desktop and application pools. Add and remove machines.||Desktop pool, application pool, farm|
|Manage Sessions||Disconnect and log off sessions and send messages to users.||Session|
|Manage Reboot Operation||Reset virtual machines or restart virtual desktops.||Machine|
|Manage Help Desk (Read only)||Read-only access to the Horizon Help Desk Tool, global settings, and global policies, except for administrators and roles and Cloud Pod Architecture configurations.||Desktop pool, application pool, farm, machine, session, global entitlements, global sessions|