How to Add a Permission to a Federation Access Group

You add a permission to a federation access group to define the actions that can be performed on the global entitlements and global sessions in the federation access group and the administrator users or groups that can perform the actions.

When you add a permission, Horizon Console prompts you to select a role to define the actions that can be performed and a user or group that can perform the actions.

The role that you select must contain at least one object-specific privilege that is applicable to federation access groups. Roles that contain only global privileges or access-group specific privileges cannot be applied to federation access groups. For information about creating custom roles for federation access groups, see How to Manage Global Entitlements and Global Sessions in Federation Access Groups in Horizon Console.

Prerequisites

Create a federation access group. See How to Add a Federation Access Group in Horizon Console.
Become familiar with permissions. See Understanding Permissions for Federation Access Groups.

Procedure

Log in to the Horizon Console user interface for any Connection Server instance in the pod federation.
Select Settings > Administrators.
To create a permission that includes a specific federation access group, perform these steps.
1. Select the Federation Access Groups tab.
2. Select the federation access group and click Add Permissions.
3. Click Add, select one or more search criteria, and click Find to find administrator users or groups that match your search criteria.
4. Select an administrator user or group to include in the permission and click OK.
  You can press the Ctrl and Shift keys to select multiple users and groups.
5. Click Next, select a role, and click Finish.
  Only roles that are applicable to federation access groups are available for selection.
To create a permission that includes a specific administrator user or group, perform these steps.
1. On the Administrators and Groups tab, select the administrator or group and click Add Permission.
2. Select a role that applies to federation access groups, click Next, select the federation access group, and click Finish.
  If a role is applicable to both access groups and federation access groups, you must select an access group in addition to the federation access group.
To create a permission that includes a specific role, perform these steps.
1. On the Role Permissions tab, select the role, and click Add Permissions.
2. Click Add, select one or more search criteria, and click Find to find administrator users or groups that match your search criteria.
3. Select an administrator user or group to include in the permission and click OK.
  You can press the Ctrl and Shift keys to select multiple users and groups.
4. Select a role that applies to federation access groups and click Finish.
  If a role is applicable to both access groups and federation access groups, you must select an access group in addition to the federation access group.