We have a large organization with over 150 networks distributed globally.
Previously, assigning the Network Administrator role to specific networks was straightforward, as their administrative tasks were limited to the networks assigned to them.
However, a Network Admin recently informed me that they can now add, edit, and delete non-Meraki Site-to-Site (S2S) VPN peers. This capability was previously restricted to Organization Admins, but it seems that any admin from any network in the organization can now modify ALL non-Meraki S2S peers and tunnels.
I have verified the permissions and confirmed with the admin that they can indeed modify settings that could impact the entire organization.
My question is, when was this change implemented, and is there a way to revert it?
We cannot allow network-specific admins to make changes to non-Meraki VPN tunnels that affect other networks in the organization, which they should not have access to.
Has anyone else encountered this issue? Previously, this permission was exclusive to Organization Admins and not individual Network Admins.
