Create an admin role for an organizational unit

As your organization’s administrator, you can assign a user to a custom administrator role so they can perform management tasks for an organizational unit. For example, you might want to grant the Chrome Management privilege to a user so they can assign devices to users only in the Sales organizational unit.

Before you begin

You can only assign certain privileges to a custom role for an organizational unit. If you grant any other privileges to the custom role, you can’t limit the role for use with an organizational unit. 

You can assign the following privileges:

  • Users
  • User Security Management
  • Organizational Units
  • Chrome Management
  • Shared device settings

For details on each of the privileges, go to Administrator privilege definitions.

If you use the Google Vault archiving and eDiscovery service, your custom role can also grant any of these privileges:

  • Manage Matters
  • Manage Holds
  • Manage Searches
  • Manage Exports

For details on each of the privileges, go to Understand and grant Vault privileges.

Important: If you want to include any other privileges later, you first need to remove all users. If you add any other privileges, the custom role can be used for anyone in your organization, not just an organizational unit.

Create and assign the role

  1. Go to Create a custom role and follow the steps. Make sure the role only includes privileges that apply to organizational units (details above).
  2. Click Assign role.
  3. Add a user that you want to assign to the role.
  4. Next to the user, click the organizational unit.
  5. Select the organizational unit and click Done.
  6. Click Assign Role.
Was this helpful?
How can we improve it?

Need more help?

Sign in for additional support options to quickly solve your issue