Assign administrator roles to a user

Performing this task requires being signed in as a Super Admin.

Let users perform management tasks in your Google Admin console by giving them one or more administrator roles. A user with administrator roles signs in to their Google for Work account to view the Admin console. There, they can perform tasks depending on the privileges granted by their roles.

Assign the Admin console's pre-built roles for performing common business functions or custom roles you create for your organization. Assign multiple roles to a user to grant all privileges in those roles.

Assign roles to one user
  1. Sign in to the Google Admin console.
  2. Go to the user's account page.
  3. Scroll to the bottom of the user's account page and click Show more.
  4. Click Admin roles and privileges.
    The Admin roles page lists the user's current privileges, if any. To see combined privileges granted by all the user's roles, click View Privileges.
  5. Click Manage roles.
  6. Choose a role from the Roles list.
  7. (Optional) If the role includes user management permissions for organization units, select them from the No organizations selected list beneath each role.
  8. Click Update roles.

Click Manage roles to assign additional roles to the user.

Assign roles to several users
  1. Sign in to the Google Admin console.
  2. From the dashboard, click Admin Roles.
  3. At the left of the Admin roles page, select the role you want to assign.

    This lists users that are currently assigned this role. To see the privileges that this role grants, click Privileges.

  4. Click Assign admins.
  5. Type the user's username.
    Start typing a name and select from the list of matching users.
  6. Click Assign more to assign this role to more users.
  7. (Optional) If the role includes user management permissions that can be limited to organizational units, click the Admin rights on: list and select the organizational unit(s) the administrator should be able to manage.
  8. Click Confirm assignment.

Assign user management roles

When assigning a role that performs actions on users, you can allow the administrator to perform those actions on all users in your account, or only on users in specific organizational units. For example, you might grant an administrator privileges to add or remove users only in the Sales department.

The administrator will be able to perform user tasks associated with this role only on users in this organizational unit and any sub-organizations. To grant the administrator privileges for your entire account, select the top-level organization. If you haven't created an organizational structure, the top-level organization is the only one available.

  1. Follow the steps above to assign a role to a user.
  2. Select a role that can perform any actions on Users.
  3. Click Assign admins.
  4. Click the Admin rights on: list to display your organizational structure.

    The Admin rights on: list is available only if the role includes at least one user management privilege. Otherwise, the field shows All Orgs.

  5. Select the organizational unit the administrator should be able to manage.
  6. Click Confirm Assignment.

Settings that can be delegated by organizational unit (OU) are marked as such in the third column.

Note: Access these settings in the Services Privilege.

| Setting | What permissions it gives to delegated administrators | Can be delegated by OU |
|---|---|---|
| Manage Device Shipments | READ access to Shipments. | No |
| Manage Devices | READ and WRITE access to Devices. | Yes |
| Manage User Settings | READ and WRITE access to User Settings for the organizational units for which the administrator has privileges. | Yes |
| Manage Application Settings | READ and WRITE access to the Apps and Extensions section of User Settings for the organizational units for which the delegated admin has privileges. This is a subcategory of User Settings, so all admins who can manage User Settings can also manage Application Settings.* | Yes |
| Manage Device Settings | READ and WRITE access to Device Settings for the organizational units for which the delegated admin has privileges. | Yes |
| Manage User and Device Networks | READ and WRITE access to Networks for the organizational units for which the delegated admin has privileges. | Yes |

The No organizations selected restriction applies only to actions performed on the Users page. Any other privileges apply to your entire account.
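
The scoping rules described above (multiple roles combine, an organizational-unit scope covers its sub-organizations, and only user management privileges are limited by organizational unit) written out as a small Python model for reviewing planned assignments. This is an added example, not Google's code or API; the role names, privilege names and organizational unit paths are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed model of this page's rules. All names are illustrative and are
# not Google Admin console or Admin SDK identifiers.
USER_PRIVS = {"users.create", "users.delete", "users.reset_password"}

@dataclass(frozen=True)
class Assignment:
    role: str
    privileges: frozenset
    org_unit: str = "/"   # "/" is the top-level organization (entire account)

def in_scope(assigned_ou, target_ou):
    """True if target_ou is assigned_ou or one of its sub-organizations."""
    a, t = assigned_ou.rstrip("/"), target_ou.rstrip("/")
    # Match on a path boundary so "/Sales" does not also cover "/SalesOps".
    return t == a or t.startswith(a + "/")

def combined_privileges(assignments):
    """Several roles on one user grant the union of their privileges."""
    out = set()
    for a in assignments:
        out |= a.privileges
    return out

def allowed(assignments, privilege, target_ou="/"):
    """User management privileges are checked against the OU scope;
    any other privilege applies to the entire account."""
    for a in assignments:
        if privilege not in a.privileges:
            continue
        if privilege not in USER_PRIVS or in_scope(a.org_unit, target_ou):
            return True
    return False

def overbroad(assignments):
    """Roles with user management privileges assigned at the top level,
    which are candidates for narrowing to a specific organizational unit."""
    return [a.role for a in assignments
            if a.org_unit == "/" and a.privileges & USER_PRIVS]

# Constructed sample: one administrator holding two roles.
SAMPLE = [
    Assignment("Sales user admin", frozenset({"users.create", "users.delete"}), "/Sales"),
    Assignment("Groups admin", frozenset({"groups.manage"})),
]
```
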

The user typically gets their new privileges within a few minutes, but it can take up to 24 hours. When they sign in to their Google account, they'll arrive at the Admin console dashboard and see the controls associated with their privileges.

Next steps: Have each administrator add recovery options to their administrator account.