Camera role - Is there any way to deny a set of tagged cameras while allow access to others?

MFLauder
Here to help

Camera role - Is there any way to deny a set of tagged cameras while allow access to others?

Hello,

I have a location that has several hundred cameras being deployed but our Security Department wants a group of users to view ALL cameras except a handful of sensitive ones. 

I was wondering if there was a way to use camera tags and ALLOW access to most cameras and DENY to those handful? 

 

I don't see a way to do this and the only thing I know to do is maybe tag ALL of those cameras being installed with a tag "allowed" and another tag on the sensitive cameras "not allowed" . Then I give those users access to "allowed" tagged cameras and leave off the "not allowed". 

Any of the groups that need to see EVERY camera would have access to both "allowed" and "not allowed" tagged cameras. 

 

Any insight would be helpful. 

 

Thank you, 

4 Replies 4
PhilipDAth
Kind of a big deal
Kind of a big deal

You could put the sensitive cameras into a different network in the Meraki Dashboard.

MFLauder
Here to help

That is one idea. I see we have something similar already in place for another sensitive camera install in our Organization but is that really the best practice? I'm trying to think of any downsides of doing a separate network.  

PhilipDAth
Kind of a big deal
Kind of a big deal

Another option could be (not sure - not used it in this way) to use a third-party product like Boundless Digital that allows you to create granular access control to the Meraki dashboard.

https://www.boundlessdigital.com/network-management/meraki-automation/role-based-access-control/ 

MFLauder
Here to help

Thanks for the suggestion. This is a fast moving project it seems now for us so getting another tool is probably out of the question for now. I'll see about the separate network. 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.