Firstly, apologies if you've not seen this. It was launched a while ago, and I've only just stumbled upon it.
Essentially, Limited Access Roles give you the ability to segment a Systems Manager network, so that admin A can only see devices that are tagged with a particular role. So, for example, the administrator of a hospital in Milan can only see devices in their dashboard that are tagged with Hospital-IT-Milan, for example.
Now, there are several things you need to do:
1. Create the role(s)
2. Create the admin(s)
3. Tag the devices
This ALSO works with SAML too.
Now, obviously, if you've a LOT of admins, roles, devices to tag / create, all of this can be done with the Meraki API:
https://developer.cisco.com/meraki/api-v1/create-organization-sm-admins-role/
https://developer.cisco.com/meraki/api-v1/create-organization-admin/
https://developer.cisco.com/meraki/api-v1/modify-network-sm-devices-tags/
and, if using SAML:
https://developer.cisco.com/meraki/api-v1/create-organization-saml-role/
Full details here: https://documentation.meraki.com/SM/Other_Topics/Limited_Access_Roles
and, for nostalgia:
https://meraki.cisco.com/blog/2015/06/limited-access-roles-for-systems-manager/
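An added example (not from the original post, and not Meraki's own code) that scripts steps 1 and 3 against the role and device-tag endpoints linked above. It plans the requests as a dry run and uses one tag for both the role scope and the devices, so the two cannot drift apart. The IDs, serials, `plan_site`, `send`, the environment variable names and the batch size are assumptions; admin creation (step 2) is left out.

```python
import json
import os
import urllib.request

BASE = "https://api.meraki.com/api/v1"


def plan_site(org_id, network_id, tag, serials, batch=50):
    """Return the ordered (method, url, body) requests for one site's role and tags."""
    # Assumption: a tag is a single token, so whitespace inside it is rejected early.
    if not tag or any(c.isspace() for c in tag):
        raise ValueError(f"tag must be one non-empty token: {tag!r}")
    serials = sorted(set(serials))  # de-duplicate so no device is sent twice
    if not serials:
        raise ValueError(f"no devices listed for {tag}")
    # Step 1: the limited access role, scoped to devices carrying this tag.
    # With a single tag, scope "some" and scope "all_tags" select the same devices.
    reqs = [("POST", f"{BASE}/organizations/{org_id}/sm/admins/roles",
             {"name": tag, "scope": "some", "tags": [tag]})]
    # Step 3: tag the devices in batches (batch size is an assumption, not an API limit).
    # "add" appends to the tags a device already has.
    for i in range(0, len(serials), batch):
        reqs.append(("POST", f"{BASE}/networks/{network_id}/sm/devices/modifyTags",
                     {"serials": serials[i:i + batch], "tags": [tag],
                      "updateAction": "add"}))
    return reqs


def send(req, api_key):
    """Send one planned request to the Dashboard API and return the decoded JSON."""
    method, url, body = req
    r = urllib.request.Request(
        url, data=json.dumps(body).encode(), method=method,
        headers={"Authorization": f"Bearer {api_key}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(r) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Constructed placeholder IDs and serials; replace with real values.
    plan = plan_site("ORG_ID", "N_NETWORK_ID", "Hospital-IT-Milan",
                     ["SERIAL-0001", "SERIAL-0002"])
    key = os.environ.get("MERAKI_API_KEY")
    for req in plan:
        print(req[0], req[1], json.dumps(req[2]))  # dry run: review before applying
        if key and os.environ.get("APPLY") == "1":
            send(req, key)
```

Review the printed plan first; requests are only sent when both `MERAKI_API_KEY` and `APPLY=1` are set.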
Thank you for this detailed post. Any ideas how to create a Lost Mode Manager role that would only allow device lookup and Lost Mode enable/disable process?
Systems Manager doesn't have that level of granularity just yet, but I will feed this back to the team. I had a look at the API (in case you wanted to consider building a portal just for this), but whilst we have an API for Lock we don't have one for Lost.
Thanks @PaulF for sharing. The wording on the dashboard is a little confusing; does the limited access role only cover SM devices? If so, it might be worth adding Systems Manager into the heading. The heading and the description make it sound as though it covers all Meraki devices.
Will feed this back.
Personally, I have found it much simpler to create multiple Systems Manager networks to address these kinds of requirements ...