Administration

Holli69

Hi all,

 

Is it possible with Meraki to grant a designated person or group access only to the "Security & SD-WAN", "Switch" or "Wireless" options in a combined Dashboard environment? For example, a security colleague is granted access to firewall rules and VPN configurations, but this colleague isn't allowed to change wireless or switch settings.

 

Pavithran

We can configure Org read-only or network level read-only permission for this request.

 

If you want to configure organization-level read access, use option 1; for network-level read-only permission, use option 2. [Image: 1.PNG]

 

If you have a SAML configuration, then the same read-only permission for the SAML group will solve the request.

Holli69

Thanks, but I know these functions. The problem is that with Organization access set to "None" or "Read-only" and access to Network set to "Full", the designated colleague has access to the complete Network (SD-WAN & Security, Wireless, Switch etc.), but the colleague should only have access to the SD-WAN & Security section, not the Wireless and Switch sections.

Pavithran

If the network is a combined network, then we can't have device-level permissions like you mentioned. Nice requirement though.

 

Maybe you can submit feedback to the Meraki team about this by clicking the Give Feedback button on the Meraki support page.

dagarva

Maybe you can split the devices per network; then you will be able to grant access only to the MX or MS devices (but not perfect, because they will be able to modify all inside MX).

Merookie

Actually, I had the exact same question. I am trying to give access to security teams to a site network, but only for the firewalls/MX appliances. From what I gathered here, it seems I would have to create two networks for each site: one with all the wireless, switching, IoT, etc. devices, and one with the firewall appliances. I know it works, because I accidentally did this with switches and APs in different networks with similar names. However, this seems like a lot of extra legwork. Is this something Meraki is looking into in the future? Is my understanding of the current capability correct?
