Home > Smart Cameras > Advanced Configuration > Camera Permissions

Camera Permissions

This article outlines the different camera permission levels within Dashboard, how to create camera roles or camera only privileges and apply it to a user, as well as describes options available to these users.

Configuring Role-based Camera Permissions for SAML/SSO

Initial Dashboard SAML/SSO configuration

You will need to first configure your Organization to enable SAML 2.0 and configure your SAML Identity Provider (IdP) settings. You must have your own Identity Provider configured to use this feature. OneLogin offers a free trial for a developer environment to test with, as do other providers.

Follow this guide to get started:

 

Camera Role Restrictions

Please note the following:

  • SAML user roles map 1:1 to roles defined in Dashboard

  • A SAML user can only map a single SAML role to a role in Dashboard

  • SAML Network/Organization Admin roles are still supported, and will match first if there are conflicting roles defined between Network/Organization Admin roles and Camera roles

  • All conflicts should be avoided and users should only have a single SAML role passed to Dashboard to ensure the correct role is applied

Creating a Camera role in Dashboard

 

Navigate to Camera roles via the sidebar menus Organization > Configure > Camera roles. Select `Add Role` to get started.

Step 1: Role naming and Network access permissions 

  • Enter the SAML Role to be mapped to these permissions exactly as it is configured in the Identity Provider.

  • Select Network permissions (either all or by tags) 

    • Selecting `All networks` provides users with this role access to all Networks contained within the current Organization.

    • Selecting `Networks by tag` provides users with this role access to Networks with the specified tag(s) that are contained within the current Organization.

Step 2: Viewing permissions and camera permissions

  • Configure camera viewing permissions
    • This value is set for all permitted cameras and cannot be configured to be a different value for a subset of resources.
  • Select camera permissions (either all or by tags) 
    • Selecting `All cameras` provides users with this role access to all cameras contained within the previously selected Networks in Step 1.
    • Selecting `Cameras by tag` provides users with this role access to cameras with the specified tag(s) that are contained within the previously selected Networks in Step 1.

Step 3: Confirmation

A simple confirmation page will summarize the proposed changes. Review and hit `Create role` when ready, or navigate back using the `Back` button to make any changes.

 

After committing the changes, there will be a small wait while saving before a confirmation dialog will appear.

 

You will return to the Roles overview page. Confirm your role is in the list with the correct parameters configured.

 

If the above steps are followed to completion and an identity provider is configured for the Organization, you are done! Users can now log in as a Camera role by using the Meraki application within your identity provider.

 

Configuring local Camera-only admins

Creating and Assigning a Camera-only privilege

The following instructions outline how to create a Camera-only privilege role, and assign it to a specific Network Administrator:

  1. For camera only networks, navigate to Cameras > Configure > General. For combined networks, navigate Network-wide > Configure > Administration.

  2. Navigate to the Network Administration > Camera-only privileges section.

  3. Select a Network Admin from the dropdown or create new user. 
  4. Select the view setting as well as which cameras to apply the rule to:
  5. Click Save changes to save the role.

Camera-only Privilege Functionality

When a Network Admin with Camera-only privileges logs into Dashboard, their view is restricted in terms of both devices and functionality. It simplifies the menu for users to quickly and easily access the cameras. Also, camera-only admins are unable to make changes to cameras as they are given read-only rights. These changes include image settings such as focus, zoom, and aperture as well as viewing network tab of the camera. 

One common use case for the camera-only admin feature is to allow a receptionist to view live footage only of the building atrium. This is due to the receptionist only needing to view who is currently in the atrium before allowing them access to the building. In this scenario, camera-only admin settings for the receptionists email would be view live footage and cameras tagged "Atrium". 

 

Restricting and Enabling Meraki Support Access to Cameras

By default Cisco Meraki support technicians cannot view video or hear audio. You may choose to allow temporary access to receive help with focusing, zooming, or other video or audio quality issues. Temporary access is automatically revoked when time expires, or can be manually revoked at any time. 

Temporary permission to view camera footage can be granted to Cisco Meraki support agents be navigating to Help > Get Help in the dashboard.

New Help Page

First ensure you have selected a network with cameras. Next, navigate to Help > Get Help. On this page, select MV smart cameras.

 

new_help1.png

 

From here, on the bottom of the page, if your organization contains cameras, there is an option to enable video access for Meraki support. This can only be enabled by full organization admins.

 

new_help2.png

 

 

If video access has already been granted, you can always revoke it on the same page by selecting Revoke Access.

 

new_help3.png

 

Note: Only organization admin can grant support access to the video feed.

Old Help Page

 

help.png

First ensure you have selected a network with cameras. From here, on the bottom of the page, if your organization contains cameras, there is an option to enable video access for Meraki support.

allow.png

If video access has already been granted, you can always revoke it on the same page by selecting Revoke Access.

restrict.png

 

Tracking Meraki Support Access 

The granting, revoking and expiring of Meraki Support access is logged on the organization change log.

access_log.png

Last modified

Tags

Classifications

This page has no classifications.

Explore the Product

Click to Learn More

Article ID

ID: 5096

Explore Meraki

You can find out more about Cisco Meraki on our main site, including information on products, contacting sales and finding a vendor.

Explore Meraki

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case

Ask the Community

In the Meraki Community, you can keep track of the latest announcements, find answers provided by fellow Meraki users and ask questions of your own.

Visit the Community