Delegate administrator roles in Chrome
If your organization needs multiple Chrome administrators, you can create administrator roles in your Google Admin console. Administrator roles let you grant administrators access to settings they need while blocking access to settings they don't need.
With delegated administration for Chrome devices, you can grant users permissions specific to their roles. For example, you can let teachers create new users and set passwords for students, without giving them management access to all the devices in your school district. You can also give a manager administrative access to configure the email settings of their direct reports, without giving Super Admin permissions over your entire domain.
About administrator roles and privileges
These settings give you more control of what other administrators in your organization can do. These settings can limit administrator access to specific Chrome Management tabs in the Admin console.
To change Chrome privileges for an administrator role:
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
From the Admin console Home page, go to Admin roles.
To see Admin roles, you might have to click More controls at the bottom.
- On the left, click the role you want to change.
- On the Privileges tab, check boxes to select each privilege you want users with this role to have.
- For Chrome OS, go to Admin Console Privileges Services Chrome OS.
- For Chrome browser, go to Admin Console Privileges Google Chrome Management.
- Click Save changes.
|Setting||What permissions it gives to delegated administrators||Applies to||Can be delegated by OU|
|Manage Devices||READ and WRITE access to Devices.||Chrome OS||Yes|
|Manage User Settings||READ and WRITE access to User Settings for the organizational units for which the administrator has privileges.||Chrome OS and Chrome browser||Yes|
|Manage Application Settings||READ and WRITE access to the Apps and Extensions section of User Settings for the organizational units for which the delegated admin has privileges. This is a subcategory of User Settings, so all admins who can manage User Settings can also manage Application Settings.*||Chrome OS and Chrome browser||Yes|
|Manage Device Settings||READ and WRITE access to Device Settings for the organizational units for which the delegated admin has privileges.||Chrome OS||Yes|
*Use Manage Application Settings if you want to give a teacher the ability to preinstall and manage applications for his students without giving him access to all of the permissions under User Settings.
For more about delegated administration roles, see Administrator privilege details.
- If you haven’t already, create organizational units in G Suite. These can be groupings such as schools and classrooms, or business subsidiaries and offices.
- Follow these instructions to grant administrator privileges to users in your organization.
Once you’ve assigned privileges, do the following to see which roles your user has been assigned.
- In your Admin console, click Users and click on the name of a user.
- Scroll down and click Show more at the bottom.
- Click Admin roles and privileges to see the privileges that user has.