Authorize users

To grant users the rights, you assign them to roles using the Session Recording Authorization Console on the Session Recording Server. Three roles are available:


For security reasons, grant users only the rights they need to perform specific functions, such as viewing recorded sessions.

  • PolicyAdministrator. Grants the right to view, create, edit, delete, and enable recording policies. By default, administrators of the computer hosting the Session Recording Server are members of this role.
  • PolicyQuery. Allows the servers hosting the Session Recording Agent to request recording policy evaluations. By default, authenticated users are members of this role.
  • LoggingWriter. Grants the right to write the Administrator Logging logs. By default, local administrators and the Network Service group are members of this role. Changing the default LoggingWriter membership can cause log writing failure.
  • LoggingReader. Grants the right to query the Administrator Logging logs. There is no default membership in this role.
  • Player. Grants the right to view recorded Citrix Virtual Apps and Desktops sessions. There is no default membership in this role. When you install Session Recording, no user has the right to play recorded sessions. You must assign the right to each user, including the administrator. A user without the permission to play recorded sessions receives the following error message when trying to play a recorded session:

To assign users to a role, do the following:

  1. Log on as an administrator to the computer hosting the Session Recording Server.
  2. Start the Session Recording Authorization Console.
  3. Select the role to which you want to assign users.
  4. From the menu bar, choose Action > Assign Users and Groups.
  5. Add the users and groups.

Session Recording supports users and groups defined in Active Directory.

Any changes made to the console take effect during the update that occurs once every minute.

Authorize users

In this article