If your organization needs multiple Chrome administrators, you can create administrator roles in your Google Admin console. Administrator roles let you grant administrators access to settings they need while blocking access to settings they don't need.
For example, you can let teachers create new users and set passwords for students, without giving them management access to all the devices in your school district. You can also give a manager administrative access to configure the email settings of their direct reports, without giving Super Admin permissions over your entire domain.
To create and assign administrative roles, make sure you sign in using an account with super administrator privileges. To learn more about the super admin role, watch this video.
About administrator roles and privileges
To change Chrome privileges for an administrator role:
Sign in to your Google Admin console.
Sign in using an account with super administrator privileges (does not end in @gmail.com).
In the Admin console, go to Menu AccountAdmin roles.
- Click the link of the role you want to change.
- Click Privileges.
- Under Admin Console Privileges, scroll to Services Chrome Management.
- Check the boxes to select each privilege you want users with this role to have.
- Click Save changes.
Note: All chrome privileges can be delegated by organizational unit.
|Setting||What permissions it gives to delegated administrators||Available for|
|Settings||Selects all the permissions settings in the Chrome Management section.||ChromeOS and Chrome browser|
|Manage User Settings||READ and WRITE access to User & Browser Settings for the organizational units for which the administrator has privileges.||ChromeOS and Chrome browser|
|Manage Application Settings||READ and WRITE access to the Apps and Extensions section of User & Browser Settings for the organizational units for which the delegated admin has privileges. This is a subcategory of User & Browser Settings, so all admins who can manage User & Browser Settings can also manage Application Settings.*||ChromeOS and Chrome browser|
|Managed Browsers||READ and WRITE access to Managed Browsers||Chrome browser|
|View Extensions List Report||READ access to Browser extension list. Admins that also have the Manage Application Settings privilege can take actions on this page.||Chrome browser|
|View Chrome Versions Report||READ access to Versions Report. Admins that also have the Managed Browsers and Manage Devices privileges can click through to more detail.||ChromeOS and Chrome browser|
|View Chrome Insights Report||READ access to Insights Report. Admins that also have the Managed Browsers and Manage ChromeOS Devices privileges can click through to more detail.||ChromeOS and Chrome browser|
|Manage Printers||READ and WRITE access to Printers and Print Servers settings for the organizational units for which the delegated admin has privileges.||ChromeOS and Chrome browser|
|Manage ChromeOS Devices||READ and WRITE access to ChromeOS Devices.||ChromeOS|
|Manage ChromeOS Devices (read only)||READ access to ChromeOS devices.||ChromeOS|
|Start Remote Desktop||Enables the admin to access and troubleshoot ChromeOS devices remotely by starting a Chrome Remote Desktop session.||ChromeOS|
|Manage ChromeOS Device Settings||READ and WRITE access to ChromeOS Device Settings for the organizational units for which the delegated admin has privileges.||ChromeOS|
*Use Manage Application Settings if you want to give a teacher the ability to preinstall and manage applications for his students without giving him access to all of the permissions under User & Browser Settings.
For more about delegated administration roles, see Administrator privilege details.
- If you haven’t already, create organizational units in the Admin console. These can be groupings such as schools and classrooms, or business subsidiaries and offices. Watch How to manage organizational units for more details.
- Follow these instructions to grant administrator privileges to users in your organization, or watch how to create a custom admin role and how to apply that role to a user for details.
Once you’ve assigned privileges, do the following to see which roles your user has been assigned.
- In your Admin console, click Users and click on the name of a user.
- Scroll down and click Admin roles and privileges to see the privileges that user has.