This article identifies the different roles available in your UniFi OS Console, as well as their access privileges for the system and each application (UniFi Network, Protect, etc.). It also provides information on how to add, edit, and deactivate users.
- UniFi OS user roles and permissions
- Application-specific permissions
- Add and invite users
- Deactivate and delete users
UniFi OS user roles and permissions
There are four types of roles available in your UniFi OS Console: Owners, Super Admins, Limited Admins, and Members.
In general, Owners and Super Admins will receive administrative privileges within all of the console's applications while Limited Admins will only be able to view and manage the applications you specify. Members are used by the Talk and Access applications for users who don't actually need to access the UniFi web or mobile apps.
For a full breakdown of permissions, see the table below:
Roles |
UniFi OS Console permissions |
Application-specific permissions |
Owner |
Full access and privileges to the UniFi OS Console's Settings (e.g., firmware updating, factory-resetting, etc.).
Can invite, edit, deactivate and delete all users. |
Administrator privileges to make changes within the application. |
Super Admin An Administrator with full access privileges within the UniFi OS Console and each of its applications. |
Full access and privileges to the UniFi OS Console's Settings (e.g., firmware updating, factory-resetting, etc.).
Can invite, edit, deactivate, and delete Limited Admins and Members, but not other Super Admins. |
Administrator privileges to make changes within the application. |
Limited Admin |
No privileges |
Privileges are assigned for each application. Tiers include: Administrator, View Only, a custom role, or no access. |
Member |
No privileges |
UniFi Network and Protect: Not used UniFi Access: Can enter doors. UniFi Talk: Can be assigned phone numbers. |
Application-specific permissions
There are three default application permission types with the following privileges:
- Administrators:
- Can view and edit application settings
- View and edit all devices
- View Only Users:
- Access the UniFi OS Console
- View all devices
- None:
- Users in this tier won't be able to access the application.
These permission types can be applied to Limited Admin users. Owners and Super Admins are automatically given Administrator privileges for all applications.
Unifi Network-specific permissions
UniFi Network has two specialized administrator roles; however, they aren't typically used in most deployments:
- Hotspot Operator: Those with this role can manage guest WiFi hotspots set up by Administrators.
- Site Admin: Those with this role can manage application settings for a specific site. Please note that this setting is only available for UniFi OS Consoles that host multiple sites.
UniFi Protect-specific permissions
UniFi Protect gives you the ability to create application roles with a customized view and edit permissions for each connected camera and device.
- Edit access allows users to:
- View live camera streams, playback history, and device information.
- Adjust settings for a specific camera or device (e.g., change image quality settings, perform a factory reset, etc.).
- View access allows users to:
- View live camera streams, playback history, and device information.
- All users can view device activity (e.g., camera disconnections, etc.) and configure their own email and push notification alerts.
To create a new role in Protect:
- Click Add Role in the upper-right corner of the Roles menu.
- Enter the details for the new user role:
- Enter a name for the role.
- Under Device Management, select the access permissions (Edit or View). This can be done for specific cameras or all of them simultaneously.
- Click Add Role in the bottom-right corner to create the new role. Once added, the new user role will appear in the Roles list.
Add and invite users
From unifi.ui.com, select your UniFi OS Console then click the Users button at the bottom of the screen. From here, you can view the users added to the selected console.
Note: You need Owner or Super Admin status to invite users. If you don't see Users or System Settings at the bottom of your screen, request access from the Owner of the UniFi OS Console.
To add a new user:
- Click the grid icon in the top-right corner, select Users, then Add User.
- Add the new user's first and last name.
- Specify the user's role (as defined above).
- Select one of the account types:
- Ubiquiti Account - Grants remote and local access to a verified Ubiquiti account.
- Local Access Only - Grants local access without the need for a verified Ubiquiti account.
Note: For more information on these account types, please see: UniFi - Accounts and Passwords.
- For Limited Admins, select a default or custom role in Application Permissions (as defined above).
- Enter any other required details, then click Add to create the new user.
The newly added user will receive an email invitation to access UniFi Protect. Once accepted, they will be able to log in to the UniFi OS Console remotely via unifi.ui.com and will appear as a guest.
Deactivate and delete users
To deactivate a user account, go to the Users page and select Deactivate from the vertical ellipse drop-down menu. You can reactivate the account later or delete it entirely.
Deactivated users will be labeled as Deactivated in the user list and will be unable to log in to the UniFi OS Console or any of its applications.
Once a user is deactivated, you can delete them from the console. Deleted users will be removed from the user list and will need to be invited again (see above).
Please note that:
- Only the Owner can deactivate or delete Super Admins.
- Super Admins can only deactivate or delete Limited Admins and Members.
- Limited Admins and Members cannot deactivate or delete any users.
Related articles
UniFi - Accounts and Passwords