Meraki Community

CourtneyB · ‎Aug 2 2019

MSP User Account Access

Properly maintained administrative access to dashboard is determined by how a partner’s company is structured and how services will be delivered. Various roles will require different levels of access. Each user, particularly those with read/write access, should have their own Meraki dashboard account.

Use of a generic account (e.g. helpdesk@organization.com) to manage dashboard organizations is not recommended as it introduces multiple challenges, including the inability to audit changes and decommission individual user access

Note: For large-scale implementations, the Meraki Dashboard API can be used to provision new user accounts.

Account types

Multi-organization Administrator	This user type has full access to multiple customer organizations, and thus full access to all contained organizations and networks. Note: this is not unique designation, and is enabled if the same user account (email) is associated with multiple Meraki organizations
Multi-organization administrator (read-only)	This user type has read-only access to multiple customer organizations, and thus read-only access to all contained organizations and networks. Note: this is not unique designation, and is enabled if the same user account (email) is associated with multiple Meraki organizations
Organization administrator	This user type has full access to a specific organization, and thus Full access to all contained networks within that organization.
Organization administrator (read-only)	Account has read-only access to a specific organization, and thus read-only access to all contained networks within that organization.
Network administrator	This user type full access to a specific Network or Combined Network
Network administrator (read-only)	This user type only has read-only access to a specific Network or Combined Network

Example

In the example below, the account has the following access within each organization:

Customer Organization 1 - Account has full access to the organization, and thus full access to all contained networks.
Customer Organization 2 - Account only has read-only access to the 'Combined Network'.
Customer Organization 3 - Account has read-only access to the organization, and thus all contained networks. However, full access has been given specifically for the 'MX Network'.

Additional details are available via product documentation: Meraki Dashboard Organization Structure

Organization Permission Types

Read-only: User is able to access most aspects of network and organization-wide settings, but is unable to make any changes. Full: User has full administrative access to all networks and organization-wide settings. This is the highest level of access available.

Network Permission Types

Guest ambassador: User is only able to see the list of Meraki authentication users, add users, updated existing users, and authorize/de-authorize users on an SSID or Client VPN. Ambassadors can also remove wireless users, if they are an ambassador on all networks. Presented with user management portal only. Monitor-only: User is only able to view analytics data, but have no visibility or access to network configuration. Read-only: User is able to access most aspects of a network, including the Configure section, but no changes can be made. Full: User has access to view all aspects of a network and make any changes to it.

Managing Organization Permissions

All permissions for a Dashboard organization can be managed under Organization > Administrators, however, this page is only visible to users with Full or Read-only organization access. Changes on this page can only be made by users with Full organization access.

At this time, it is not possible to manage organization permissions for multiple organizations "in-bulk".

For additional information about managing, adding or modifying access, please see Meraki Documentation.

Previous: Activating the MSP Portal Next: Creating a New Customer Organization

Configuring Organization Administrators