Planning your return to office strategy? See how Chrome OS can help.

Delegate administrator roles in Chrome

If your organization needs multiple Chrome administrators, you can create administrator roles in your Google Admin console. Administrator roles let you grant administrators access to settings they need while blocking access to settings they don't need.

For example, you can let teachers create new users and set passwords for students, without giving them management access to all the devices in your school district. You can also give a manager administrative access to configure the email settings of their direct reports, without giving Super Admin permissions over your entire domain.

To create and assign administrative roles, make sure you sign in using an account with super administrator privileges. To learn more about the super admin role, watch this video.

About administrator roles and privileges

To change Chrome privileges for an administrator role:

  1. Sign in to your Google Admin console.

    Sign in using an account with super administrator privileges (does not end in @gmail.com).

  2. From the Admin console Home page, go to Admin roles.
  3. On the left, click the role you want to change.
  4. On the Privileges tab, check boxes to select each privilege you want users with this role to have.
    1. For Chrome OS, go to Admin Console Privileges and then Services and then Chrome OS.
    2. For Chrome browser, go to Admin Console Privileges and then Google Chrome Management.
  5. Click Save changes.

Note: All chrome privileges can be delegated by organizational unit.

Setting What permissions it gives to delegated administrators Available for
Manage Application Settings READ and WRITE access to the Apps and Extensions section of User & Browser Settings for the organizational units for which the delegated admin has privileges. This is a subcategory of User & Browser Settings, so all admins who can manage User & Browser Settings can also manage Application Settings.* Chrome OS and Chrome browser
Manage Device Settings READ and WRITE access to Device Settings for the organizational units for which the delegated admin has privileges. Chrome OS
Manage Devices READ and WRITE access to Devices. Chrome OS
Manage Printers READ and WRITE access to Printers and Print Servers settings for the organizational units for which the delegated admin has privileges. Chrome OS and Chrome browser
Manage User Settings READ and WRITE access to User & Browser Settings for the organizational units for which the administrator has privileges. Chrome OS and Chrome browser
Managed Browsers READ and WRITE access to Managed Browsers Chrome browser
View Versions Report READ access to Versions Report. Admins that also have the Managed Browsers and Manage Devices privileges can click through to more detail. Chrome OS and Chrome browser
View Extensions List Report READ access to Browser extension list. Admins that also have the Manage Application Settings privilege can take actions on this page. Chrome browser

*Use Manage Application Settings if you want to give a teacher the ability to preinstall and manage applications for his students without giving him access to all of the permissions under User & Browser Settings.

For more about delegated administration roles, see Administrator privilege details.

Setup

  1. If you haven’t already, create organizational units in the Admin console. These can be groupings such as schools and classrooms, or business subsidiaries and offices. Watch How to manage organizational units for more details.
  2. Follow these instructions to grant administrator privileges to users in your organization, or watch how to create a custom admin role and how to apply that role to a user for details.

Once you’ve assigned privileges, do the following to see which roles your user has been assigned.

  1. In your Admin console, click Users and click on the name of a user.
  2. Scroll down and click Admin roles and privileges to see the privileges that user has.
If you choose a setting that isn't manageable by suborganization, when you assign roles, you won't be able to choose a suborganization.

Related topics

Was this helpful?
How can we improve it?
Search
Clear search
Close search
Google apps
Main menu
Search Help Center
true
410864
false