An administrator must have certain privileges or roles to perform general administration tasks and run command line utilities.
The following table shows the privileges and roles that are required to perform general administration tasks and run command line utilities.
|Task||Required Privileges or Roles|
|Add or delete an access group or federation access group||Manage Access Groups|
|Install Horizon Agent on an unmanaged machine, such as a physical system, standalone virtual machine, or RDS host||Register Agent|
|View or modify configuration settings (except for administrators) in Horizon Agent||Manage Global Configuration and Policies|
|Run all PowerShell commands and command line utilities except for vdmadmin and vdmimport.|| Direct Interaction
Note: Horizon adds the Direct Interaction privilege to new roles automatically. This privilege is not visible in the list of privileges in Horizon Console.
|Use the vdmadmin and vdmimport commands||Must have the Administrators role on the root access group.|
|Use the vdmexport command||Must have the Administrators role or the Administrators (Read only) role on the root access group.|
|Read only access to a vCenter Server configuration.||Manage vCenter Configuration (Read only)|
|Request and import certificates||Manage Certificates|