Delegate administrator roles in Chrome
If your organization needs multiple Chrome administrators, you can create administrator roles in your Google Admin console. Administrator roles let you grant administrators access to settings they need while blocking access to settings they don't need.
With delegated administration for Chrome devices, you can grant users permissions specific to their roles, such as giving a teacher the ability to create new users and set passwords for students in his classroom, without giving him management access to all the devices in your school district. Likewise, with this feature, you can give a manager administrative access to configure the email settings of his direct reports, without giving him Super Admin permissions over your entire domain.
About Administrator Roles and Privileges
These settings give you more control of what other administrators in your organization can do. These settings can limit administrator access to specific Chrome Management tabs in the Admin console, like the following. Settings that can be delegated by organizational unit (OU) are marked as such in the third column.
Note: Access these settings in the Services Privilege.
|Setting||What permissions it gives to delegated administrators||Can be delegated by OU|
|Manage Device Shipments||READ access to Shipments.||No|
|Manage Devices||READ and WRITE access to Devices.||Yes|
|Manage User Settings||READ and WRITE access to User Settings for the organizational units for which the administrator has privileges.||Yes|
|Manage Application Settings||READ and WRITE access to the Apps and Extensions section of User Settings for the organizational units for which the delegated admin has privileges. This is a subcategory of User Settings, so all admins who can manage User Settings can also manage Application Settings.*||Yes|
|Manage Device Settings||READ and WRITE access to Device Settings for the organizational units for which the delegated admin has privileges.||Yes|
|Manage User and Device Networks||READ and WRITE access to Networks for the organizational units for which the delegated admin has privileges.||Yes|
*Use Manage Application Settings if you want to give a teacher the ability to preinstall and manage applications for his students without giving him access to all of the permissions under User Settings.
For more about delegated administration roles, see Administrator privilege details.
- If you haven’t already, create organizational units in Google Apps. These can be groupings such as schools and classrooms, or business subsidiaries and offices.
- Follow these instructions to grant administrator privileges to users in your organization.
Once you’ve assigned privileges, do the following to see which roles your user has been assigned.
- In your Admin console, click Users and click on the name of a user.
- Scroll down and click Show more at the bottom.
- Click Admin roles and its priviledges to see the privileges that user has.