You can granularly assign WorkSpaces Manager portal admin users to do specific tasks.
This should be used delegate support roles where you do not want all users to have access to the console and/or full administration rights over every WorkSpace in the estate. For example, you may have two staff who look after users who have critical roles and policy stipulates that they are the only users who can change the reboot times for their WorkSpaces.
Adding a new portal Administrator
IMPORTANT NOTE: Before you do this, check the Roles, and make sure that there is an Administrator role set up with ‘SysAdmin’ permissions. XXXXWHERE DO THEY DO THIS???XXXXGo to Section 4.3 and add a sysadmin role with the following selections.
To add a new portal administrator, select the icon on the right and select ‘Add Administrator’.
Now fill in the administrator details from Active Directory. Ensure that the username is prefixed with your domain name. You can choose the Role Name for this user. The Roles are created and defined here. In this example, we want our portal admin to just be able to restart, stop and start a users’ WorkSpace (which we have defined in our roles as a ‘Support Staff’ role.
Restricting users to Regions, Directories or Tags
For delegation of support roles purposes, you may wish to have portal administrators restricted to WorkSpaces in specific AWS Regions (e.g., a support team in APAC), specific WorkSpace Directories (e.g., which may contain Finance and Marketing users only) or WorkSpace Tags (e.g., the Department is Finance).
With this user, we have restricted the administrator to WorkSpaces in eu-west-1 Region, with no specific WorkSpace Directory, and any WorkSpaces that are tagged with ‘Department’ of ‘Finance’. They cannot administer anything other than these WorkSpaces (for example, they cannot terminate\reboot a WorkSpace in ‘Marketing’). You can add remove Regions, Directories and Tags but selecting the ‘Action’ button on the top left.
Post your comment on this topic.