Playback permissions
Note:
For video playback, make sure port 9191 is open on your end users’ devices and networks.
Session Recording administrators
Session Recording administrators are Citrix Cloud administrators assigned a permission to access the Session Recording service.
Citrix Cloud administrators assigned any of the following access permissions are allowed to play all recordings, including archived and restricted recordings:
- Full access
- Cloud Administrator, All role
- Session Recording-FullAdmin, All role
- Session Recording-PrivilegedPlayerAdmin, All role
Citrix Cloud administrators assigned only the Session Recording-ReadOnlyAdmin, All role are not allowed to access Restricted recordings. For information about restricted recordings, see Place access restrictions on recordings.
Citrix Cloud administrators assigned only the Session Recording-ReadOnlyAdmin, All role are called Session Recording read-only administrators later in this article. You can limit playback permissions so that Session Recording read-only administrators can play only specific recordings from a target site.
For more information, see Administrator role management.
Playback permissions for Session Recording read-only administrators
For an overview of Session Recording administrators and their playback permissions, see the following table:
| Type of Session Recording administrator | Playback permission | Remarks |
|---|---|---|
| Citrix Cloud administrator assigned full access | Can play all recordings | Shows as a full admin on the Playback Permissions page of the Session Recording service |
| Citrix Cloud administrator assigned the Cloud Administrator, All role | Can play all recordings | Shows as a full admin on the Playback Permissions page of the Session Recording service |
| Citrix Cloud administrator assigned the Session Recording-FullAdmin, All role | Can play all recordings | Shows as a full admin on the Playback Permissions page of the Session Recording service |
| Citrix Cloud administrator assigned the Session Recording-PrivilegedPlayerAdmin, All role | Can play all recordings | Shows as a privileged player on the Playback Permissions page of the Session Recording service |
| Citrix Cloud administrator assigned only the Session Recording-ReadOnlyAdmin, All role | Can play all recordings except restricted recordings by default, or can play only recordings that originate from users and groups, published applications and desktops, and delivery groups and VDAs you specify. | Shows as a full admin on the Playback Permissions page of the Session Recording service by default, or shows as a read-only admin on the Playback Permissions page of the Session Recording service when you specify the scope. |
To limit the playback permission of a Session Recording read-only administrator, complete the following steps:
-
Select Configuration > Playback Permissions from the left navigation of the Session Recording service.
Note:
-
The Playback Permissions menu in the left navigation of the Session Recording service is invisible for the administrators that are added through Azure AD groups. It is also invisible for Session Recording read-only administrators.
-
All Session Recording administrators are listed on the Playback Permissions page.
-
- Select a target site.
- Target an administrator on the Playback Permissions page. To make the administrator a Session Recording read-only administrator, complete the following steps:
- Go to the Identity and Access Management > Administrators tab of the Citrix Cloud console.
-
Locate the target administrator, click the ellipsis button, and select Edit access.
-
Select Custom access.
- Click the angle bracket to expand all roles.
-
Clear the check marks next to Cloud Administrator, All, Session Recording-FullAdmin, All, and Session Recording-PrivilegedPlayerAdmin,All. Select the check mark next to Session Recording-ReadOnlyAdmin, All.
-
Click Save.
-
Return to and refresh the Playback Permissions page of the Session Recording service. The Citrix Cloud administrator you edited shows as a Session Recording read-only administrator.
Tip:
An administrator can have full permission to play all recordings, limited permission to play only specific recordings, or no permission to play any recordings.
Unless otherwise specified, a Session Recording read-only administrator has full permission to play all recordings.
-
Click the Edit icon in the row of the administrator.
-
On the Edit Playback Permission page, click Configure to specify the scope of recordings that the administrator can play.
Your settings might not show on the Playback Permissions page. The issue occurs after upgrading to Session Recording 2204. As a workaround, run the following script in SQL Server Management Studio (SSMS) that corresponds to your Session Recording database:
ALTER procedure [dbo].[EnumPlayerUserDeliveryGroupPoliciesOnCloud] as begin set nocount on select 3 as RoleType, a.ID as RoleAccountID, h.principleName as PrincipleName, a.IsEnabled as IsEnabled, e.name as PolicyType, d.DeliveryGroupID as AccountMemberAccountID, g.Name as AccountMemberName from PlayerUserCloudAccountRoleConfigure a, PlayerUserPolicyConfigSetMember b, PlayerUserPolicyDeliveryGroupSetMember d, PlayerUserPolicyType e, DeliveryGroup g, PlayerUserCloudAccount h where e.id=5 and b.PlayerUserPolicyTypeID = e.ID and a.PlayerUserPolicyConfigSetID = b.PlayerUserPolicyConfigSetID and b.PolicySetID = d.PlayerUserPolicyDeliveryGroupSetID and g.ID=d.DeliveryGroupID and h.ID=a.CloudAccountID end <!--NeedCopy-->[SRT-8028]