Horizon Console presents the combination of a role, an administrator user or group, and a federation access group as a permission. The role defines the actions that can be performed, the user or group indicates who can perform the action, and the federation access group contains the global entitlements that are the target of the action.
Permissions appear differently in Horizon Console depending on whether you select an administrator user or group, a federation access group, or a role.
The following table shows how permissions appear in Horizon Console when you select an administrator user or group on the on the Administrators and Groups tab. The administrator user is called Admin 1 and it has two permissions.
|Role||Federation Access Group|
|Help Desk Administrators||Federation_Group_1|
|Administrators (Read only)||Root(/)|
The first permission shows that Admin 1 has the Help Desk Administrators role on the federation access group called Federation_Group_1. The second permission shows that Admin 1 has the Administrators (Read only) role on the root federation access group.
The following table shows how the same permissions appear in Horizon Console when you select Federation_Group_1 on the Federation Access Groups tab.
|horizon-domain.com\Admin1||Help Desk Administrators|
|horizon-domain.com\Admin1||Administrators (Read only)||Yes|
The first permission is the same as the first permission shown in the first table. The second permission is inherited from the second permission shown in the first table. Because federation access groups inherit permissions from the root federation access group, Admin1 has the Administrators (Read only) role on Federation_Group_1. When a permission is inherited, a check mark appears in the Inherited column.
The following table shows how the permissions in the first table appear in Horizon Console when you select the Help Desk Administrators role on the Role Permissions tab.
|Administrator||Federation Access Group|