Home > Articles > Role-Based Access Control (RBAC)

Role-Based Access Control (RBAC)

  • Sample Chapter is provided courtesy of Cisco Press.
  • Date: Dec 27, 2024.

Administrator Access Levels for Dashboard Organizations and Networks

Three levels of administrative access are available at the organization level:

  • None: Users will have no access to the organization, meaning they cannot perform any actions or view any configurations at the organization level. They may, however, still have privileges assigned at the network level.

  • Read-Only: Users with read-only access can view the Dashboard configurations for the organization but cannot make any changes. This includes the ability to view video footage if the organization has cameras. Be aware that administrators may still have privileges assigned at the network level.

  • Full: Users with full access have access to all parts of Dashboard (including cameras), can make configuration changes, and can even delete the organization. This access level should be limited to suitably qualified and trusted personnel.

Four additional levels of access are available when configuring privileges at the network level:

  • Full: This level grants full access to the target network, including the ability to view all of the Dashboard and change any configuration settings (see Figure 4-1).

Figure 4.1

Figure 4-1 An Example of an Administrator Configured as a Network-Only Admin

  • Read-Only: With this level, users can view all configurations in the target network but are restricted from making any modifications.

  • Monitor-Only: Administrators with this access level can view a dedicated monitor page in the Dashboard but cannot make any changes. Users with this access level can monitor and analyze network performance metrics, troubleshoot issues, and gain insights into the network’s health and performance.

  • Guest Ambassador: This level of access is intended for managing user access to Wi-Fi or client VPN access. The most common use case for this role is a hotel receptionist or lobby ambassador needing to provide temporary (time-bound) Wi-Fi access for guests and visitors. Staff with this access level can manage guest users, granting or revoking access as needed. When logging in, the Guest Ambassador user is presented with a purpose-built user management portal. It allows them to efficiently manage guest user accounts without having access to other parts of the Dashboard.

NOTE

You cannot assign full access to a user at the organization level and then assign only read-only permissions at the network level. Dashboard will give you a warning if you try to do this. If you want to create some network-focused admin users, you can grant read-only or no access (none) at the organization level and then the desired access at the network level.

TIP

For more information on managing Dashboard administrators and permissions, check out https://documentation.meraki.com/General_Administration/Managing_Dashboard_Access/Managing_Dashboard_Administrators_and_Permissions. Alternatively, search for “Managing Dashboard Administrators and Permissions” using Search Dashboard in the top right of Meraki Dashboard.

3. Assigning Permissions Using Network Tags | Next Section Previous Section

Cisco Press Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from Cisco Press and its family of brands. I can unsubscribe at any time.