You can use roles to add users with limited permissions to allow access to specific devices managed by the UniFi Protect Controller.
The user roles can be viewed and managed on the Web UI only.
Only the owner of the UniFi Protect Controller can create user roles and grant or deactivate user access.
Define user roles
Use the Roles section (left side menu) on the UniFi Protect Controller to view and manage the user roles.
There are two default user roles on the UniFi Protect Controller:
- Administrators have view and edit access to all devices
- View Only users can only view the devices added on the controller
You can edit the default roles and create your own personalized user roles with custom settings.
To create a new user role:
- Go to the Roles section (left side panel) and click Add Role (upper right corner)
- Give the new role a name and choose access levels for each camera
- Сonfirm the new role
Once added, the new user role will appear in the Roles list.
Grant user access
1. To add a new user, go to Users > Add Admin and select Add Admin from the dropdown menu
Note that new accounts with view or edit access permissions are added as Admins.
2. Specify user's settings and permissions
You can select one of the following Roles:
- Super Admin (has complete control of the controller and its devices)
- Limited Admin (can access camera live views, timelapses, recorded events, and camera settings).
You can select one of the following Account Types:
- Ubiquiti Account (to grant remote and local access to a verified Ubiquiti account)
- Local Access Only (to grant local access only without a verified Ubiquiti account).
In Controller Permissions, you can choose one of the default or custom roles.
3. Wait for the user to accept the invitation
The newly added user will receive an email invitation to access the UniFi Protect Controller.
After accepting the invitation, they will be able to log into the controller via https://unifi.ui.com, and will appear as Guests.
Deactivate user access
To deactivate a user account, visit the Users page and select Deactivate from the three dot menu. You can reactivate the account later or delete it entirely.
Deactivated users will be displayed as Deactivated in the user list and will not be able to log into the Protect controller.
Deleted users will disappear from the user list and will need a new invitation to be added back to the controller.