SSID Administration via non-IT staff

Solved
Schuey
Conversationalist

SSID Administration via non-IT staff

Due to our sensitive environment, we have access points setup that need to be disabled by non-IT staff. We have the access points setup on schedules, however the SSID needs to also be disabled in certain circumstances. Currently the non-IT staff will either have to disconnect the access point physically from the network switch or request from the IT department to have the SSID disabled. Normally it does not work the best to have the IT department shutdown the SSID as this is normally required to happen straightaway.

 

The Guest Ambassador security level within Meraki provides too much access for these non-IT staff. Is there currently anyway to allow them to only have access to enable/disable an SSID? Are there any API functions that are setup to allow the disabling/enabling of an SSID?

 

Thanks  

1 Accepted Solution
DCooper
Meraki Alumni (Retired)
Meraki Alumni (Retired)

Something that is overlooked. Using the API doesn't restrict any more or less access, it will just allow you to "mask" that access. For example, if you create a guest ambassador which is about the most restrictive write access you can have, this user will have an API key, all permissions that you would have via logged into the dashboard you would have via the API (assuming there is an API call for those functions they are allowed to do)..

 

You could make a front end web service to your end users that would mask the API key so to that end user never gets their hands on it. Keeping the API key hidden and out of people's hands is vital, if they have access to the key they have access to the permissions to that user/key and could really do some damage if the user had full permissions.

View solution in original post

3 Replies 3
PhilipDAth
Kind of a big deal
Kind of a big deal

You can use this API method:

https://dashboard.meraki.com/api_docs#update-the-attributes-of-an-ssid

and set "enabled" to false.

DCooper
Meraki Alumni (Retired)
Meraki Alumni (Retired)

Something that is overlooked. Using the API doesn't restrict any more or less access, it will just allow you to "mask" that access. For example, if you create a guest ambassador which is about the most restrictive write access you can have, this user will have an API key, all permissions that you would have via logged into the dashboard you would have via the API (assuming there is an API call for those functions they are allowed to do)..

 

You could make a front end web service to your end users that would mask the API key so to that end user never gets their hands on it. Keeping the API key hidden and out of people's hands is vital, if they have access to the key they have access to the permissions to that user/key and could really do some damage if the user had full permissions.

Schuey
Conversationalist

Thanks for the information regarding the API details.

I will certainly look at the web portal idea as I'm currently implementing one for the organisation for other purposes.

Get notified when there are additional replies to this discussion.