Meraki

Community

Admin permissions to specific devices in an org

LeAnts
Here to help
‎Feb 9 2024 4:16 AM
‎Feb 9 2024 4:16 AM

Admin permissions to specific devices in an org

Hi,

can admin roles be set to allow engineers only access to specific devices within an org?

we have a MX and some meraki switches under the same network.. i need to give user1 admin rights to the MX only and no access to the switches.

how can I achieve this?

 

thanks

 

0 Kudos
7 Replies 7
alemabrahao
Kind of a big deal
Kind of a big deal
‎Feb 9 2024 4:19 AM
‎Feb 9 2024 4:19 AM

Yes, take a look at this.

 

https://documentation.meraki.com/General_Administration/Managing_Dashboard_Access/Managing_Dashboard...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
In response to alemabrahao
LeAnts
Here to help
‎Feb 9 2024 4:26 AM
‎Feb 9 2024 4:26 AM

Thanks.. but this doc doesn't really answer my question.. it tells me i can have an org admin or a network admin..

org admin has access over the entire org whereas network admin will have access to whatever is in that network.

does not seem to add limitations to specific devices within a network..

or am i ready it wrong?

 

0 Kudos
In response to LeAnts
alemabrahao
Kind of a big deal
Kind of a big deal
‎Feb 9 2024 4:29 AM
‎Feb 9 2024 4:29 AM

No, you can only limit an administrator to a specific network at most, as you noted in the documentation.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to LeAnts
alemabrahao
Kind of a big deal
Kind of a big deal
‎Feb 9 2024 4:34 AM
‎Feb 9 2024 4:34 AM

Sorry, the most you can do is limit within the network according to the TAG you have defined on the device.

 

alemabrahao_1-1707482113811.png

 

Just note that "These privileges allow limited access to the entire network and configuration of devices that match the selected scope and tags."

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
Holli69
Getting noticed
‎Feb 9 2024 8:47 AM
‎Feb 9 2024 8:47 AM

For this function, you must have a System Manager license.

I would like to see more granular privilege management in the future.

For example, a read-only or monitor-only privilege for a specific user only for MX and Wireless, but not for switching and others.

For example a read-only or full privilege for MX and no access to all others menus.

0 Kudos
In response to Holli69
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 11 2024 11:12 AM
‎Feb 11 2024 11:12 AM

Systems Manager wont achieve ths.

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 11 2024 11:13 AM
‎Feb 11 2024 11:13 AM

You can't do this ntively.  There are third-party solutions like Boundless Digital that offer granular role-based access control.

https://www.boundlessdigital.com/network-management/meraki-automation/role-based-access-control/ 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.