Horizon Console presents the combination of a role, an administrator user or group, and an access group as a permission. The role defines the actions that can be performed, the user or group indicates who can perform the action, and the access group contains the objects that are the target of the action.
Permissions appear differently in Horizon Console depending on whether you select an administrator user or group, an access group, or a role.
The following table shows how permissions appear in Horizon Console when you select an administrator user or group. The administrator user is called Admin 1 and it has two permissions.
Role | Access Group |
---|---|
Inventory Administrators | MarketingDesktops |
Administrators (Read only) | / |
The first permission shows that Admin 1 has the Inventory Administrators role on the access group called MarketingDesktops. The second permission shows that Admin 1 has the Administrators (Read only) role on the root access group.
The following table shows how the same permissions appear in Horizon Console when you select the MarketingDesktops access group.
Admin | Role | Inherited |
---|---|---|
horizon-domain.com\Admin1 | Inventory Administrators | |
horizon-domain.com\Admin1 | Administrators (Read only) | Yes |
The first permission is the same as the first permission shown in Permissions on the Administrators and Groups Tab for Admin 1. The second permission is inherited from the second permission shown in Permissions on the Administrators and Groups Tab for Admin 1. Because access groups inherit permissions from the root access group, Admin1 has the Administrators (Read only) role on the MarketingDesktops access group. When a permission is inherited, a check mark appears in the Inherited column.
The following table shows how the first permission in Permissions on the Administrators and Groups Tab for Admin 1 appears in Horizon Console when you select the Inventory Administrators role.
Administrator | Access Group |
---|---|
horizon-domain.com\Admin1 | /MarketingDesktops |
For information about permissions and federation access groups, see the Cloud Pod Architecture in Horizon document.