If you don't want to give a user full access to the Google Admin console, you can let them perform only a subset of administrative tasks. Do this by assigning an admin role.
How administrator roles work
You decide how much access to give an administrator by assigning them an admin role. Assign more than one role to a user to grant all the privileges in those roles.
In the Admin console, admins can view only the information and perform only the tasks that their role's privileges allow. For example, you assign the pre-built User Management role to someone. Then they can view and modify only specific user profile and settings for people who aren’t admins.
Before you start
- Assign a pre-built system role for performing common tasks.
- Create and assign a custom role that has different access levels.
View system roles and custom roles (if any) in the Admin console
-
Sign in to your Google Admin console.
Sign in using an account with super administrator privileges (does not end in @gmail.com).
- From the Admin console Home page, go to Admin roles.
- At the left, click the role to view or assign.
- To view the role's privileges, click View privileges.
- To view the admins assigned this role, click View admins.
Assign roles to users
You must be signed in as a super administrator for this task.
Assign roles to one user-
Sign in to your Google Admin console.
Sign in using an account with super administrator privileges (does not end in @gmail.com).
- From the Admin console Home page, go to Users.
- In the Users list, find the user. For tips, go to Find a user account.
- Click the user’s name to open their account page.
- Click Admin roles and privileges.
- Assign a role:
- Assign a pre-built role or a custom role: Click the slider
for the role.
If you don’t see the sliders, click anywhere under Roles to display them:
Tip: Enter a role in the the Search by role name box.
OR - Create a new role for the user: Click Create Custom Role.
For details, see Create custom administrator roles.
- Assign a pre-built role or a custom role: Click the slider
- If the role includes a user management privilege, you can limit the admin's actions to specific organizational units. Click All organizational units
and select the organizations you want the administrator to manage. The administrator can also manage sub-organizations that inherit this setting.
- Click Save.
Tip: In the Privileges section below, you can see all the user's privileges from all admin roles they’re assigned to.
To return to the user’s account page, at the top right, click the Up arrow .
-
Sign in to your Google Admin console.
Sign in using an account with super administrator privileges (does not end in @gmail.com).
- From the Admin console Home page, go to Admin roles.
- Click the role you want to assign.
Tip: You can switch between Admins and Privileges by clicking Privileges in the top left.
- Click Assign role.
- Type the first few letters of the user's address (not username) and press Enter. You can assign up to 20 users at time.
- For custom roles that include a least one user management privilege, you can restrict an admin's role to a specific organizational unit:
- One administrator: click
- All administrators: At the top of the roles list, check the Admins box and then the Organizational Unit box.
- One administrator: click
The user typically gets their new privileges within a few minutes. However, it can take up to 24 hours. When they sign in to their account, they arrive at the Admin console Home page. Here they see the controls allowed by their privileges.
Next steps
Have each administrator add recovery options to their account.