Managing users and permissions effectively is crucial when setting up a Ubiquiti network, especially for businesses or environments with multiple administrators or users. Ubiquiti’s UniFi Console allows you to easily control who can access your network’s settings and data, ensuring that you have the right people with the appropriate permissions to manage or view your network configurations. This guide will walk you through the steps of managing users and permissions in the UniFi Console.
Table of Contents
- Introduction to User Management
- Types of User Roles in Ubiquiti Console
- Adding New Users
- Assigning Permissions and Roles
- Modifying or Removing Users
- Best Practices for User Management
Introduction to User Management
The Ubiquiti UniFi Console provides a user-friendly interface for managing users, allowing you to assign specific roles and permissions to different users. Whether you're running a small office or a larger enterprise, controlling access and ensuring that only authorised individuals can modify your network settings is essential.
Types of User Roles in Ubiquiti Console
Ubiquiti offers several predefined roles that determine what actions each user can perform within the network. Understanding these roles helps you assign the right level of access to each user.
1. Super Administrator
- Super Administrators have full control over the UniFi network. They can modify all settings, manage devices, view analytics, and manage users.
2. Administrator
- Administrators can perform most functions like a Super Administrator, but they have no access to user management or billing settings. This role is suitable for staff who need access to network settings but not full administrative control.
3. Guest Administrator
- Guest Administrators have limited permissions. They can manage guest access settings, such as SSIDs, and monitor guest network usage, but cannot modify core network settings.
4. Read-Only User
- Read-Only users can only view the settings and status of the network but cannot make any changes. This role is often given to employees who need access to monitoring and reports without the ability to modify configurations.
Adding New Users
To add a new user to your Ubiquiti Console:
1. Log into the UniFi Console
- Open your browser and log into the UniFi Console using your Super Administrator credentials.
2. Navigate to User Management
- In the left-hand menu, select Settings > User Management.
3. Add New User
- Click the Add User button to create a new user account. You’ll need to provide the following details:
- Username: A unique username for the user.
- Email Address: The user’s email address (optional but recommended).
- Password: Set a strong password for the user.
- Role: Choose the appropriate role (Super Admin, Admin, Guest Admin, Read-Only).
4. Save and Invite
- After filling in the details and choosing the role, click Save. An email invitation will be sent to the user if you’ve entered their email address.
Assigning Permissions and Roles
When adding a new user, you can assign them specific permissions based on their role. Here’s how to ensure the correct permissions are set:
1. Determine Permissions Based on Role
- Before assigning roles, make sure you understand the permissions each role carries. For example, if a user needs to view network statistics but not alter configurations, assign them a Read-Only role.
- If they require the ability to modify settings, assign the Administrator role but restrict access to sensitive areas, such as user management.
2. Modify User Roles (if needed)
- You can modify a user’s role at any time by going to the User Management section. Click on the user you want to edit, select Edit, and then adjust their role or permissions.
3. Assign Network-Access Permissions (if needed)
- Ubiquiti allows you to assign specific network access to users. This is helpful for larger networks or businesses with multiple locations. You can restrict access to particular devices or areas of your network for specific users.
Modifying or Removing Users
You might need to modify or remove users from your network for various reasons, such as role changes or employee departures.
1. Modify User Details
- In the User Management section, select the user whose details you wish to modify. Click on Edit to change their role, password, or permissions.
2. Remove a User
- To remove a user, select the user in the User Management section, then click on Delete. This will revoke their access to the network entirely.
3. Disable User Access
- If you don’t want to remove a user permanently but want to restrict their access temporarily, you can disable their account. This can be done by selecting the Disable option in the user management section.
Best Practices for User Management
Managing users and their permissions requires careful planning to avoid accidental security breaches or misconfigurations. Here are some best practices:
1. Use the Principle of Least Privilege
- Always assign the least amount of access necessary for the user to perform their tasks. For example, don’t give a user Administrator access if they only need to view reports.
2. Regularly Review User Permissions
- As your network evolves, it’s essential to regularly review user permissions. Make sure users still need the same access levels, especially if they’ve changed roles or departments.
3. Enable Two-Factor Authentication (2FA)
- For added security, enable two-factor authentication (2FA) for users with elevated privileges (e.g., Super Admins and Administrators). This provides an additional layer of protection against unauthorised access.
4. Remove Unnecessary Users
- Regularly clean up inactive or unnecessary users to reduce the risk of potential breaches. If a user leaves the company or no longer needs access, ensure their account is removed promptly.
Conclusion
Managing users and permissions on the Ubiquiti UniFi Console is a straightforward but essential part of network management. By assigning the appropriate roles and regularly reviewing permissions, you can ensure that your network remains secure and that only authorised individuals have access to critical settings and configurations. Following these best practices will help maintain an organised and secure network environment for your home or business.
