Assign specific admin roles to a user

If you don't want to give a user full access to the Google Admin console, you can let them perform only a subset of administrative tasks. Do this by assigning an admin role. 

How administrator roles work

You decide how much access to give an administrator by assigning them an admin role. Assign more than one role to a user to grant all the privileges in those roles.

In the Admin console, admins can view only the information and perform only the tasks that their role's privileges allow. For example, you assign the pre-built User Management role to someone. Then they can view and modify only specific user profile and settings for people who aren’t admins.

Before you start

Decide whether you want to:

View system roles and custom roles (if any) in the Admin console

You must be signed in as a super administrator for this task.
  1. Sign in to your Google Admin console.

    Sign in using an account with super administrator privileges (does not end in @gmail.com).

  2. From the Admin console Home page, go to Admin roles.
  3. At the left, click the role to view or assign.
    • To view the role's privileges, click View privileges.
    • To view the admins assigned this role, click View admins.

    Admin roles setting

Assign roles to users

You must be signed in as a super administrator for this task.

Assign roles to one user
  1. Sign in to your Google Admin console.

    Sign in using an account with super administrator privileges (does not end in @gmail.com).

  2. From the Admin console Home page, go to Users.
  3. In the Users list, find the user. For tips, go to Find a user account.
  4. Click the user’s name to open their account page.
  5. Click Admin roles and privileges.


    Points out Administrative roles link

  6. Assign a role:
    • Assign a pre-built role or a custom role: Click the slider "" for the role.

      If you don’t see the sliders, click anywhere under Roles to display them:

      Where to edit administrative roles

      Tip: Enter a role in the the Search by role name box.

      OR

    • Create a new role for the user: Click Create Custom Role.

      For details, see Create custom administrator roles.

  7. If the role includes a user management privilege, you can limit the admin's actions to specific organizational units. Click All organizational units "" and select the organizations you want the administrator to manage. The administrator can also manage sub-organizations that inherit this setting.
  8. Click Save.
    Tip: In the Privileges section below, you can see all the user's privileges from all admin roles they’re assigned to.

To return to the user’s account page, at the top right, click the Up arrow "" .

Assign a role to several users at once
You must be signed in as a super administrator for this task.
  1. Sign in to your Google Admin console.

    Sign in using an account with super administrator privileges (does not end in @gmail.com).

  2. From the Admin console Home page, go to Admin roles.
  3. Click the role you want to assign.

    Tip: You can switch between Admins and Privileges by clicking Privileges in the top left.

    View privileges
  4. Click Assign role.
  5. Type the first few letters of the user's address (not username) and press Enter. You can assign up to 20 users at time.
  6. For custom roles that include a least one user management privilege, you can restrict an admin's role to a specific organizational unit:
    • One administrator: click "" next to the organizational unit name, and select the organizations you want the administrator to manage.
    • All administrators: At the top of the roles list, check the Admins box and then the Organizational Unit box.

The user typically gets their new privileges within a few minutes. However, it can take up to 24 hours. When they sign in to their account, they arrive at the Admin console Home page. Here they see the controls allowed by their privileges.

Next steps 

Have each administrator add recovery options to their account.

Was this helpful?
How can we improve it?