If your organization needs multiple Chrome administrators, you can create administrator roles in your Google Admin console. Administrator roles let you grant administrators access to settings they need while blocking access to settings they don't need.
For example, you can let teachers create new users and set passwords for students, without giving them management access to all the devices in your school district. You can also give a manager administrative access to configure the email settings of their direct reports, without giving Super Admin permissions over your entire domain.
To create and assign administrative roles, make sure you sign in using an account with super administrator privileges. To learn more about the super admin role, watch this video.
About administrator roles and privileges
To change Chrome privileges for an administrator role:
From the Admin console Home page, go to Admin roles.
- On the left, click the role you want to change.
- On the Privileges tab, check boxes to select each privilege you want users with this role to have.
- For Chrome OS, go to Admin Console Privileges Services Chrome OS.
- For Chrome browser, go to Admin Console Privileges Google Chrome Management.
- Click Save changes.
Note: All chrome privileges can be delegated by organizational unit.
|Setting||What permissions it gives to delegated administrators||Available for|
|Manage Application Settings||READ and WRITE access to the Apps and Extensions section of User & Browser Settings for the organizational units for which the delegated admin has privileges. This is a subcategory of User & Browser Settings, so all admins who can manage User & Browser Settings can also manage Application Settings.*||Chrome OS and Chrome browser|
|Manage Device Settings||READ and WRITE access to Device Settings for the organizational units for which the delegated admin has privileges.||Chrome OS|
|Manage Devices||READ and WRITE access to Devices.||Chrome OS|
|Manage Printers||READ and WRITE access to Printers and Print Servers settings for the organizational units for which the delegated admin has privileges.||Chrome OS and Chrome browser|
|Manage User Settings||READ and WRITE access to User & Browser Settings for the organizational units for which the administrator has privileges.||Chrome OS and Chrome browser|
|Managed Browsers||READ and WRITE access to Managed Browsers||Chrome browser|
|View Versions Report||READ access to Versions Report. Admins that also have the Managed Browsers and Manage Devices privileges can click through to more detail.||Chrome OS and Chrome browser|
|View Extensions List Report||READ access to Browser extension list. Admins that also have the Manage Application Settings privilege can take actions on this page.||Chrome browser|
*Use Manage Application Settings if you want to give a teacher the ability to preinstall and manage applications for his students without giving him access to all of the permissions under User & Browser Settings.
For more about delegated administration roles, see Administrator privilege details.
- If you haven’t already, create organizational units in the Admin console. These can be groupings such as schools and classrooms, or business subsidiaries and offices. Watch How to manage organizational units for more details.
- Follow these instructions to grant administrator privileges to users in your organization, or watch how to create a custom admin role and how to apply that role to a user for details.
Once you’ve assigned privileges, do the following to see which roles your user has been assigned.
- In your Admin console, click Users and click on the name of a user.
- Scroll down and click Admin roles and privileges to see the privileges that user has.