Administrator account permissionsTo set permissions for a RAS administrator, do the following:
When you click the Change Permissions button in the Administrator Properties dialog, the following happens depending on what is selected in the Permissions field:
Power administrator permissions The following permissions can be set for a Power administrator:
In the Global permission area, set the following:
Custom administrator permissions To set custom administrator permissions, you must be either a root administrator or a power administrator with the "Allow site changes" permission granted. When you first create an administrator of this type, they will have no permissions. To add permissions, select a Site in the left pane and then click the Change permissions button. The Account Permissions dialog opens. In the dialog, select a permission type in the left pane. The permission types are:
After you select a permission type, you can set the actual permissions in the right pane. Different permission types may have different sets of permissions. The following list describes all available permissions:
The lower portion of the right pane lists individual objects (e.g. servers) if the selected permission type has them. Here, you can set individual permissions for a specific object (not the entire tab, for instance, which otherwise would include all available objects). The Global permissions options at the top of the right pane enables all permissions for all objects for the selected permission type. Clone permissions As a root administrator (or a power administrator with sufficient privileges), you can apply (clone) permissions of an existing administrator account to another existing account. This way, you can configure permissions for one account and then quickly apply the same configuration to all other accounts that require them. To clone permissions, select a source administrator account and click Tasks > Clone permissions. In the dialog that opens, select a destination account (or multiple accounts) and click OK. Delegate permissions There could be a situation when a power administrator needs to grant some permissions to a custom administrator. This cannot be done by modifying permissions because power administrators cannot manage administrator accounts directly. Instead, they can delegate some of their own permissions in a given Site to a custom administrator of their choice. For example, if a power administrator wants the custom administrator to be able to manage a particular RD Session Host, he/she selects that host in the RAS Console and click Tasks > Delegate permissions. This opens a dialog where the administrator can select a custom administrator and specify which permissions (view, modify, etc.) that administrator should have. The Tasks > Delegate permissions menu option is available for many objects, such as RD Session Hosts, VDI providers, guest VMs (desktops), and some others. If the menu is not available for an object, it means that this functionality is not available for objects of this type. |
||||
|