Meraki

Community

granting specific permisisons for a user

mrpackethead_
Getting noticed
‎Feb 25 2025 9:48 AM
‎Feb 25 2025 9:48 AM

granting specific permisisons for a user

It feels to me that the ability to control what actions an 'administrator' can perform in meraki is very 'chunky'. that is to say,    You can't really control the scope of what a user does...

For example, i want to allow some people to be able to just change the profile of an access port on a switch.  So they can facilitate the installation of a device..  but I dont' want them to be able to change anything else.  

Without creating my own wrap around for this, it seems like you just cant' realy do this.

 

0 Kudos
3 Replies 3
RWelch
Kind of a big deal
Kind of a big deal
‎Feb 25 2025 9:54 AM
‎Feb 25 2025 9:54 AM

Screenshot 2025-02-25 at 11.52.55.png

You can dial down one's permissions to do what you are wanting to achieve.

Managing Dashboard Administrators and Permissions (Modernized View) 

Introducing RBAC (Role-Based Access Control) Foundations for enhanced admin management 

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
Mloraditch
Kind of a big deal
‎Feb 25 2025 9:54 AM
‎Feb 25 2025 9:54 AM

Meraki is working on rolling out RBAC to allow you do do just that. The first portion of that is in Early Access now:

https://community.meraki.com/t5/Feature-Announcements/Introducing-RBAC-Role-Based-Access-Control-Fou...


If you need something more immediately or beyond the scope of the above a marketplace partner has a solution: https://www.boundlessdigital.com/network-management/meraki-automation/role-based-access-control/
I can't speak to its quality and am merely sharing to make you aware.

Other options would be to develop your own tools based on the API.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
rhbirkelund
Kind of a big deal
Kind of a big deal
‎Feb 25 2025 11:52 PM
‎Feb 25 2025 11:52 PM

You should be able to do so already, without RBAC.

 

Go to the Switchport that you want your employee to be able to manage and tag it e.g. Facility.

rhbirkelund_0-1740555940720.png

Notice the tag Facility in the screen shot.

 

Then go to Network-wide -> Configure -> General

Under port management privileges you can configure the tag to be used for port privileges.

rhbirkelund_1-1740556122539.png

 

Then on Organization -> Administrators, you can create your employee as an administrator and target the employee to a network and select the tag Faclility.

rhbirkelund_2-1740556248206.png

 

From then on, your employee should only be able to access ports only assiged Facility tag.

Maybe he can view other ports - I can't remember. But he will not be able to edit ports that are not assigned the Facility tag.

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
© 2025 Cisco Systems, Inc.