Access Gateway Administrators

You can assign a user to be a delegated administrator of an Access Gateway cluster or a single Access Gateway that does not belong to a cluster. You cannot assign a user to manage a single member of a cluster.

When a delegated administrator of an Access Gateway cluster is granted View/Modify rights, the administrator has sufficient rights to change the cluster configuration, to stop and start (or reboot and shut down), and to update Access Gateways in the cluster. However, to configure Access Gateway to use SSL, you need to be the admin user, rather than a delegated administrator.

When the user is assigned View/Modify rights to manage a cluster or an Access Gateway, the user is automatically granted View Only rights to the master policy container. If you have created other policy containers, these containers are hidden until you grant the delegated administrator rights to them. View Only rights allow the delegated administrator to view the policies and assign them to protected resources. They do not allow the delegated administrator to modify the policies. If you want the delegated administrator to modify or create policies, you need to grant View/Modify rights to a policy container.

View/Modify rights to an Access Gateway or a cluster allow the delegated administrator to modify which Identity Server cluster Access Gateway uses for authentication. They do not allow delegated administrators to update Identity Server configuration, which is required whenever Access Gateway is configured to trust an Identity Server. To update Identity Server, the delegated administrator needs View/Modify rights to Identity Server configuration.