Meraki

Community

INFO: Limited Access admin roles within Systems Manager

PaulF
Meraki Employee
Meraki Employee
‎Jun 4 2024 8:10 AM
‎Jun 4 2024 8:10 AM

INFO: Limited Access admin roles within Systems Manager

Firstly, apologies if you've not seen this. It was launched a while ago, and I've only just stumbled upon it

 

https://youtu.be/HIJrktiaQ_o

 

Essentially, Limited Access Roles give you the ability to segment a Systems Manager network, so that admin A can only see devices that are tagged with a particular role. So, for example, the administrator of a hospital in Milan can only see devices in their dashboard that are tagged with Hospital-IT-Milan, for example.

 

Now, there's severa things you need to do

 

1. Create the role(s)

2. Create the admin(s)

3. Tag the devices

 

This ALSO works with SAML too:

 

Screenshot 2024-06-04 at 16.06.36.png

 

Now, obviously, if you've a LOT of admins, roles, devices to tag / create, all of this can be done with the Meraki API

 

https://developer.cisco.com/meraki/api-v1/create-organization-sm-admins-role/

https://developer.cisco.com/meraki/api-v1/create-organization-admin/

https://developer.cisco.com/meraki/api-v1/modify-network-sm-devices-tags/

 

and, if using SAML

 

https://developer.cisco.com/meraki/api-v1/create-organization-saml-role/

 

Full details here: https://documentation.meraki.com/SM/Other_Topics/Limited_Access_Roles

 

and, for nostalgia:

https://meraki.cisco.com/blog/2015/06/limited-access-roles-for-systems-manager/

 

Labels:
5 Replies 5
ekramer
Getting noticed
‎Jun 4 2024 8:22 AM
‎Jun 4 2024 8:22 AM

Thank you for this detailed post.  Any ideas how to create a Lost Mode Manager role that would only allow device lookup and Lost Mode enable/disable process?

0 Kudos
In response to ekramer
PaulF
Meraki Employee
Meraki Employee
‎Jun 5 2024 1:42 AM
‎Jun 5 2024 1:42 AM

Systems Manager doesn't have that level of granularity just yet, but I will feed this back to the team. I had a look at the API (in case you wanted to consider building a portal just for this), but whilst we have an API for Lock we don't have one for Lost

0 Kudos
BlakeRichardson
Kind of a big deal
Kind of a big deal
‎Jun 4 2024 12:59 PM
‎Jun 4 2024 12:59 PM

Thanks @PaulF  for sharing, the wording on the dashboard is a little confusing, does the limited access role only cover SM devices? If so it might be worth adding Systems manager into the heading. The heading and the description make it sound as though it covers all Meraki devices. 

 

Screenshot 2024-06-05 at 7.58.21 AM.png

0 Kudos
In response to BlakeRichardson
PaulF
Meraki Employee
Meraki Employee
‎Jun 5 2024 1:42 AM
‎Jun 5 2024 1:42 AM

Will feed this back

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jun 5 2024 2:58 AM
‎Jun 5 2024 2:58 AM

Personally, I have found it much simpler to create multiple Systems Manager networks to address these kinds of requirements ...

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.