Support Downloads Community

UniFi Video is an obsolete product line.

This application and its related devices will no longer receive any manner of technical support, including functional and security updates. Additionally, there will be no further updates to Help Center content pertaining to UniFi Video.

UniFi - Manage users and user roles

This article identifies the different roles available in your UniFi OS Console, as well as their access privileges for the system and each application (UniFi Network, Protect, etc.). It also provides information on how to add, edit, and deactivate users.

UniFi OS user roles and permissions

There are four types of roles available in your UniFi OS Console: Owners, Super Admins, Limited Admins, and Members.

In general, Owners and Super Admins will receive administrative privileges within all of the console's applications while Limited Admins will only be able to view and manage the applications you specify. Members are used by the Talk and Access applications for users who don't actually need to access the UniFi web or mobile apps. 

For a full breakdown of permissions, see the table below:

Roles

UniFi OS Console permissions

Application-specific permissions

Owner
The account that set up the UniFi OS Console. This role has full administrator privileges and cannot be transferred.

Full access and privileges to the UniFi OS Console's Settings (e.g., firmware updating, factory-resetting, etc.).

 

Can invite, edit, deactivate and delete all users.

Administrator privileges to make changes within the application.

Super Admin

An Administrator with full access privileges within the UniFi OS Console and each of its applications.

Full access and privileges to the UniFi OS Console's Settings (e.g., firmware updating, factory-resetting, etc.).

 

Can invite, edit, deactivate, and delete Limited Admins and Members, but not other Super Admins.

Administrator privileges to make changes within the application.

Limited Admin
Users that are not permitted to change the UniFi OS Console's settings or user list. Their application-specific privileges are configured separately.

No privileges

Privileges are assigned for each application. Tiers include: Administrator, View Only, a custom role, or no access.

Member
Users with assigned privileges within UniFi Access and Talk but not Network or Protect.

No privileges

UniFi Network and Protect: Not used

UniFi Access: Can enter doors.

UniFi Talk: Can be assigned phone numbers.

Application-specific permissions

There are three default application permission types with the following privileges:

  • Administrators:
    • Can view and edit application settings
    • View and edit all devices
  • View Only Users:
    • Access the UniFi OS Console 
    • View all devices
  • None:
    • Users in this tier won't be able to access the application.

These permission types can be applied to Limited Admin users. Owners and Super Admins are automatically given Administrator privileges for all applications.

 

Unifi Network-specific permissions

UniFi Network has two specialized administrator roles; however, they aren't typically used in most deployments:

  • Hotspot Operator: Those with this role can manage guest WiFi hotspots set up by Administrators.
  • Site Admin: Those with this role can manage application settings for a specific site. Please note that this setting is only available for UniFi OS Consoles that host multiple sites.

 

UniFi Protect-specific permissions

UniFi Protect gives you the ability to create application roles with a customized view and edit permissions for each connected camera and device.

  • Edit access allows users to:
    • View live camera streams, playback history, and device information.
    • Adjust settings for a specific camera or device (e.g., change image quality settings, perform a factory reset, etc.).
  • View access allows users to:
    • View live camera streams, playback history, and device information.
  • All users can view device activity (e.g., camera disconnections, etc.) and configure their own email and push notification alerts.

Protect-specific_permissions.png

To create a new role in Protect:

  1. Click Add Role in the upper-right corner of the Roles menu.
  2. Enter the details for the new user role:
    1. Enter a name for the role.
    2. Under Device Management, select the access permissions (Edit or View). This can be done for specific cameras or all of them simultaneously.
  3. Click Add Role in the bottom-right corner to create the new role. Once added, the new user role will appear in the Roles list.

Protect_create_user_roles.png

Add and invite users

From unifi.ui.com, select your UniFi OS Console then click the Users button at the bottom of the screen. From here, you can view the users added to the selected console.

unifi_add_and_invite_users.png

Note: You need Owner or Super Admin status to invite users. If you don't see Users or System Settings at the bottom of your screen, request access from the Owner of the UniFi OS Console.

To add a new user:

  1. Click the grid icon in the top-right corner, select Users, then Add User.
  2. Add the new user's first and last name.
  3. Specify the user's role (as defined above).
  4. Select one of the account types:
    1. Ubiquiti Account - Grants remote and local access to a verified Ubiquiti account.
    2. Local Access Only - Grants local access without the need for a verified Ubiquiti account.

      Note: For more information on these account types, please see: UniFi - Accounts and Passwords.

  5. For Limited Admins, select a default or custom role in Application Permissions (as defined above).
  6. Enter any other required details, then click Add to create the new user. 

Add_new_user.png

The newly added user will receive an email invitation to access UniFi Protect. Once accepted, they will be able to log in to the UniFi OS Console remotely via unifi.ui.com and will appear as a guest.

new_user_invitation.png

Deactivate and delete users

To deactivate a user account, go to the Users page and select Deactivate from the vertical ellipse drop-down menu. You can reactivate the account later or delete it entirely.

UniFi_deactivate_and_delete_users_1.png

 

Deactivated users will be labeled as Deactivated in the user list and will be unable to log in to the UniFi OS Console or any of its applications.

Once a user is deactivated, you can delete them from the console. Deleted users will be removed from the user list and will need to be invited again (see above).

UniFi_deactivate_and_delete_users_3.png

 

Please note that:

  • Only the Owner can deactivate or delete Super Admins.
  • Super Admins can only deactivate or delete Limited Admins and Members.
  • Limited Admins and Members cannot deactivate or delete any users.

Related articles

UniFi - Accounts and Passwords




Was this article helpful?
35 out of 95 found this helpful