Object-specific privileges control operations on specific types of inventory objects. Roles that contain object-specific privileges can be applied to access groups. In a Cloud Pod Architecture environment, roles that contain certain object-specific privileges are applicable to federation access groups.
The following table describes the object-specific privileges. The predefined roles Administrators, Local Administrators, Help Desk Administrators, and Inventory Administrators contain these privileges.
| Privilege | Privilege Set | User Capabilities | Object |
|---|---|---|---|
| Enable Farms and Desktop Pools | MACHINE_VIEW POOL_ENABLE POOL_VIEW GLOBAL_ADMIN_SDK_INTERACTIVE GLOBAL_ADMIN_UI_INTERACTIVE |
Enable and disable desktop pools. | Desktop pool, application pool, farm |
| Entitle Desktop and Application Pools | MACHINE_VIEW POOL_ENTITLE POOL_VIEW GLOBAL_ADMIN_SDK_INTERACTIVE GLOBAL_ADMIN_UI_INTERACTIVE |
Add and remove user entitlements. | Desktop pool, application pool |
| Manage Cloud Pod Architecture | FEDERATED_LDAP_VIEW FEDERATED_LDAP_MANAGE MACHINE_VIEW POOL_VIEW GLOBAL_ADMIN_SDK_INTERACTIVE GLOBAL_ADMIN_UI_INTERACTIVE |
Configure and manage a Cloud Pod Architecture environment, including global entitlements, sites, home sites, and pods. To manage a Cloud Pod Architecture configuration, an administrator must have this privilege on the root federation access group. |
Desktop pool, application pool, farm, machine, global entitlements |
| Manage Global Sessions | FEDERATED_SESSIONS_MANAGE FEDERATED_SESSIONS_VIEW GLOBAL_ADMIN_SDK_INTERACTIVE GLOBAL_ADMIN_UI_INTERACTIVE |
Manage global sessions in a Cloud Pod Architecture environment. | Global sessions |
| Manage Maintenance Operations on Automated Desktops and Farms | MACHINE_VIEW POOL_SVI_IMAGE_MANAGEMENT POOL_VIEW GLOBAL_ADMIN_SDK_INTERACTIVE GLOBAL_ADMIN_UI_INTERACTIVE |
Schedule push image, schedule maintenance, and change the default image for a desktop pool and farm. | Desktop pool, farm |
| Manage Machine | MACHINE_MANAGE_OFFLINE_SESSION MACHINE_MANAGE_VDI_SESSION MACHINE_MANAGEMENT MACHINE_REBOOT MACHINE_VIEW MANAGE_REMOTE_PROCESS POOL_VIEW REMOTE_ASSISTANCE GLOBAL_ADMIN_SDK_INTERACTIVE GLOBAL_ADMIN_UI_INTERACTIVE |
Perform all machine and session-related operations. | Machine |
| Manage Machine Alias and User Assignment | GLOBAL_ADMIN_SDK_INTERACTIVE GLOBAL_ADMIN_UI_INTERACTIVE MACHINE_USER_MANAGEMENT MACHINE_VIEW POOL_VIEW |
Assign and unassign users for machines and update machine aliases. | Machine |
| Manage Machine Maintenance | GLOBAL_ADMIN_SDK_INTERACTIVE GLOBAL_ADMIN_UI_INTERACTIVE MACHINE_MAINTENANCE MACHINE_VIEW POOL_VIEW |
Put machines into maintenance mode and take machines out of maintenance mode. | Machine |
| Manage Farms and Desktop and Application Pools | MACHINE_VIEW POOL_ENABLE POOL_ENTITLE POOL_MANAGEMENT POOL_SVI_IMAGE_MANAGEMENT POOL_VIEW VC_CONFIG_VIEW GLOBAL_ADMIN_SDK_INTERACTIVE GLOBAL_ADMIN_UI_INTERACTIVE |
Add, modify, and delete farms. Add, modify, delete, and entitle desktop and application pools. Add and remove machines. | Desktop pool, application pool, farm |
| Manage Sessions | MACHINE_MANAGE_VDI_SESSION MACHINE_VIEW POOL_VIEW GLOBAL_ADMIN_SDK_INTERACTIVE GLOBAL_ADMIN_UI_INTERACTIVE |
Disconnect and log off sessions and send messages to users. | Session |
| Manage Reboot Operation | MACHINE_REBOOT MACHINE_VIEW POOL_VIEW GLOBAL_ADMIN_SDK_INTERACTIVE GLOBAL_ADMIN_UI_INTERACTIVE |
Reset virtual machines or restart virtual desktops. | Machine |
| Manage Help Desk (Read only) | FEDERATED_LDAP_VIEW FEDERATED_SESSIONS_VIEW FOLDER_VIEW GLOBAL_ADMIN_SDK_INTERACTIVE GLOBAL_ADMIN_UI_INTERACTIVE GLOBAL_CONFIG_VIEW HELPDESK_ADMINISTRATOR_VIEW MACHINE_VIEW POOL_VIEW |
Read-only access to the Horizon Help Desk Tool, global settings, and global policies, except for administrators and roles and Cloud Pod Architecture configurations. | Desktop pool, application pool, farm, machine, session, global entitlements, global sessions |
| Manage Remote Processes and Applications | MACHINE_VIEW MANAGE_REMOTE_PROCESS POOL_VIEW GLOBAL_ADMIN_SDK_INTERACTIVE GLOBAL_ADMIN_UI_INTERACTIVE |
Manage remote processes and applications on remote desktop. | Machine |
| Remote Assistance | MACHINE_VIEW POOL_VIEW REMOTE_ASSISTANCE GLOBAL_ADMIN_SDK_INTERACTIVE GLOBAL_ADMIN_UI_INTERACTIVE |
Remote assistance to remote desktop. | Machine |
