Two types of Horizon user roles can be assigned to the service account that is used to add the Horizon target in Turbonomic.
Discovery only mode
In this mode, the least-privilege access required to discover and monitor the Horizon target is the Administrator (Read only) role, which is available as a default role in the Administrator view.
Executing actions on the Horizon target
To move a user from one DesktopPool to another, Turbonomic removes the user's entitlement from the source pool and adds it to the destination pool. To do this, the login requires a role that includes the privilege 'Entitle Desktop and Application pools'. To perform actions in Horizon, the user account for the Turbonomic target must therefore have a role with this privilege, as well as the Administrator (Read only) role.
Here are some screenshots for creating a role with the 'Entitle Desktop and Application pools' privilege:
Creating new role with the privilege
New role created
Adding a permission to assign the new role to the desired user
Providing permission to the desired access group - Typically 'Root'