A key management task in a VMware Horizon 8 environment is to determine who can use the Horizon console and what tasks those users are authorized to perform.

The authorization to perform tasks in the console is governed by an access control system that consists of administrator roles and privileges. A role is a collection of privileges. Privileges grant the ability to perform specific actions, such as entitling a user to a desktop pool or changing a configuration setting. Privileges also control what an administrator can see in the console.

An administrator can create folders to subdivide desktop pools and delegate the administration of specific desktop pools to different administrators in the console. An administrator configures administrator access to the resources in a folder by assigning a role to a user on that folder. Administrators can only access the resources that reside in folders for which they have assigned roles. The role that an administrator has on a folder determines the level of access that the administrator has to the resources in that folder.

The Horizon console includes a set of predefined roles. Administrators can also create custom roles by combining selected privileges.