An administrator must have certain privileges to manage users and administrators in Horizon Console.
The following table lists common user and administrator management tasks and shows the privileges that are required to perform each task. You manage users on the Users and Groups page in Horizon Console. You manage administrators on the Global Administrators View page in Horizon Console.
| Task | Required Privileges |
|---|---|
| Update general user information. | Manage Global Configuration and Policies |
| Add an administrator user or group. | Manage Roles and Permissions |
| Add, modify, or delete an administrator permission. | Manage Roles and Permissions |
| Add, modify, or delete an administrator role. | Manage Roles and Permissions |
Privileges and Roles for Managing Remote Access and Unauthenticated Access
To access the Remote Access and Unauthenticated Access tabs on the Users and Groups page, an administrator must have the Global Configuration and Policy Administrators (Read only) role. To perform operations on these tabs, an administrator must have the Global Configuration and Policy Administrators role, or, at a minimum, the Manage Global Configuration and Policies privilege.
If the Cloud Pod Architecture feature is enabled, to perform operations on the Unauthenticated Access tab, an administrator must additionally have the Manage Cloud Pod Architecture privilege on the root federation access group.
