Well, as far as I know this is how it is supposed to work.
Those kinds of privileges are handled by PolicyKit, which has a differentiation between local and remote users. And local users have more privileges than remote ones.
When you start a new session with X2go you are definitely a remote user, while with VNC you are kind of local (for PolicyKit at least).

You can override that with a bunch of XML config files, but someone has to analyze all the required privileges and create a config for each one.
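
In polkit action files the local/remote split appears as the implicit authorizations `allow_any`, `allow_inactive` and `allow_active`. The following is an added example, not part of the original post: it does the "analyze all required privileges" step by listing actions where a local active session gets more than any other client. The action ids, the sample XML and the `RANK` ordering are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the polkit .policy format (action ids are made up).
SAMPLE_POLICY = """<policyconfig>
  <action id="org.example.storage.mount">
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
  <action id="org.example.power.reboot">
    <defaults>
      <allow_inactive>auth_admin_keep</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
  <action id="org.example.pkg.install">
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
  </action>
</policyconfig>"""

# Coarse ranking assumed for this example (higher = less friction for the user).
RANK = {"no": 0, "auth_admin": 1, "auth_admin_keep": 1,
        "auth_self": 2, "auth_self_keep": 2, "yes": 3}

def session_gaps(policy_xml):
    """Return (action_id, allow_any, allow_active) for actions where a local
    active session gets more than any other client, e.g. a remote session."""
    gaps = []
    for action in ET.fromstring(policy_xml).iter("action"):
        defaults = action.find("defaults")
        def value(tag):
            # polkit treats an omitted implicit authorization as "no"
            text = defaults.findtext(tag) if defaults is not None else None
            return (text or "no").strip()
        any_, active = value("allow_any"), value("allow_active")
        if RANK.get(active, 0) > RANK.get(any_, 0):
            gaps.append((action.get("id"), any_, active))
    return gaps

if __name__ == "__main__":
    for action_id, any_, active in session_gaps(SAMPLE_POLICY):
        print(f"{action_id}: any={any_} local-active={active}")
```

To audit a real system, pass the contents of each file under `/usr/share/polkit-1/actions/` to `session_gaps` and review the reported actions before writing any override.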