Object-specific privileges control operations on specific types of inventory objects. Roles that contain object-specific privileges can be applied to access groups. In a Cloud Pod Architecture environment, roles that contain certain object-specific privileges are applicable to federation access groups.

The following table describes the object-specific privileges. The predefined roles Administrators, Local Administrators, Help Desk Administrators, and Inventory Administrators contain these privileges.

Table 1. Object-Specific Privileges
Privilege User Capabilities Object
Enable Farms and Desktop Pools Enable and disable desktop pools. Desktop pool, application pool, farm
Entitle Desktop and Application Pools Add and remove user entitlements. Desktop pool, application pool
Manage Cloud Pod Architecture Configure and manage a Cloud Pod Architecture environment, including global entitlements, sites, home sites, and pods.

To manage a Cloud Pod Architecture configuration, an administrator must have this privilege on the root federation access group.

Desktop pool, application pool, farm, machine, global entitlements
Manage Global Sessions Manage global sessions in a Cloud Pod Architecture environment. Global sessions
Manage Maintenance Operations on Automated Desktops and Farms Schedule push image, schedule maintenance, and change the default image for a desktop pool and farm. Desktop pool, farm
Manage Machine Perform all machine and session-related operations. Machine
Manage Farms and Desktop and Application Pools Add, modify, and delete farms. Add, modify, delete, and entitle desktop and application pools. Add and remove machines. Desktop pool, application pool, farm
Manage Sessions Disconnect and log off sessions and send messages to users. Session
Manage Reboot Operation Reset virtual machines or restart virtual desktops. Machine
Manage Help Desk (Read only) Read-only access to the Horizon Help Desk Tool, global settings, and global policies, except for administrators and roles and Cloud Pod Architecture configurations. Desktop pool, application pool, farm, machine, session, global entitlements, global sessions