Blocking Devices on Meraki portal without admin

Yarig
New here

Blocking Devices on Meraki portal without admin

Hi everyone,

 

I have a requirement that is proving difficult to fulfil and I lack the access to confirm what is possible, so I'm hoping the community can help, or at least confirm what is possible.

 

I work in a security team and we see alerts showing some devices contacting malicious domains. These are connected to a Cisco WAP and discoverable on the Meraki dashboard search.

 

I want to create a way for these devices to be blocked, but my request ended up being denied as I was told that this action requires full admin rights on the portal.

 

Is this the case? Is there any method that could be used to allow a device block to be applied without needing full admin rights?

5 REPLIES 5
Make_IT_Simple
Meraki Alumni (Retired)
Meraki Alumni (Retired)

That's not possible, to make any change in Meraki Dashboard, you need to have full org access. 

Make_IT_Simple
Meraki Alumni (Retired)
Meraki Alumni (Retired)

Yarig
New here

Hi @Make_IT_Simple

 

Thanks for confirming that. I can at least put the topic to rest and move on 🙂

Yarig
New here

I checked that link and noticed that one role may fit the bill in a sense:

 

Guest ambassador: User only able to see the list of Meraki authentication users, add users, update existing users, and authorize/deauthorize users on an SSID or client VPN. Ambassadors can also remove wireless users if they are an ambassador on all networks.

 

If we had the ability to kick a device off the network then that would be something we can do, but not have full org admin. Am I misunderstanding that role?

Make_IT_Simple
Meraki Alumni (Retired)
Meraki Alumni (Retired)

I don't believe that option will work for you. Just for testing, I did try that in my own dashboard and I couldn't do much with a guest ambassador user. 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels