Special Access Roles – Building the Dashboard

Guest Ambassador, Camera-only, and Monitor-only administrator roles are unique types of network-level permissions focused on use cases that can be granted to provide only limited access to networks within an organization. These are useful for larger organizations that may wish to provide accounts with access to various monitoring capabilities of the Dashboard without exposing the detailed configurations for the related networks.

Guest Ambassadors are accounts that are able to view or modify only the list of Meraki authenticated users in networks. This covers accounts used by Client VPN when configured for Meraki Authentication as well as accounts used for wireless Sign-on splash pages when configured for Meraki Authentication. Guest Ambassador accounts are only able to add, update, and authorize or deauthorize user accounts for specific SSIDs or Client VPN connections. They are presented with a special view of the Dashboard, referred to as the User Management portal, instead of the standard Dashboard view. Persons intended to take advantage of this role include but are not limited to executive admins for a site, frontline helpdesk members, or front desk staff.

Camera-only organization administrators are created by assigning only the “all cameras in this organization” permissions target to an administrator account. This role allows an account to view only networks within the organization that contain MV cameras and interact only with cameras while in those networks. Any other devices also included in those networks will not be visible to a Camera-only admin.

This role provides the following three unique levels of access to select between for cameras in the organization:

View and export all footage: Provides the most access and allows viewing of live camera feeds, viewing of recorded historical video, and exporting of historical video footage for download or external storage. This access level could be useful for higher-level administrative staff who may require access to review and export historical footage as the result of an incident investigation.

View all footage: Allows for viewing of live camera feeds and recorded historical video, but does not allow creation of video exports. This access level could be used for staff who may be required to review recent footage in the event of a potential incident, but who should not be allowed to export or create copies of any captured video.

View live footage: The most restrictive level, allows only viewing of live camera feeds. Recorded historical data is not accessible at all. This access level could be used for an account that requires only live streaming, such as a monitoring display.

For more granular control, Dashboard Administrator accounts can have network-level camera permissions configured for them within each network. This allows for the same levels of access control as the Camera-only organization administrator but on a more granular level, with the option to select between all cameras in the network, individual cameras, or groups of cameras based on configured device tags. This type of granular permissions control is also available for MT sensor data.

Pro Tip

Network-level Camera-only administrator settings can be configured for combined networks from the Network-wide > Administration > Camera-only Admins section of the Dashboard, and from the Cameras > General > Camera Admins section for Camera-only networks.

Leave a Reply

Your email address will not be published. Required fields are marked *