UniFi Help Articles
UISP Help Articles
Video Tutorials
Community Forums
UniFi Design Center
UISP Design Center
RMA and Warranty
Contact Support
This article describes what are user roles and user groups, how to create them, assign or remove them from the users.
- Default user roles and permissions
- Create custom user roles
- Select or remove a role from a user
- Create groups
Default user roles and permissions
There are 9 types of predefined system roles:
- Workspace Owner
- Super Admin
- Workspace HR Admin
- Workspace IT Admin
- Workspace Read-only Admin
- Site Admin
- Site HR Admin
- Site Read-only Admin
Permission ranges for the admins are divided into two categories:
- Admins with workspace-level permissions own all the management authority for the entire workspace.
- Admins with site-level permissions have management authority for the resources and users in the managed site.
Below you will find detailed comparisons of workspace-level and site-level permissions for each user role.
Workspace-level permissions
User management
|
Permission |
Owner |
Super Admin |
Workspace HR Admin |
Workspace IT Admin |
Workspace Read-only Admin |
|
View users and groups |
|
|
|
|
|
|
Add, edit, and delete users and groups |
|
|
|
||
|
Configure AD/LDAP |
|
|
|
||
|
View AD/LDAP Configuration |
|
|
|
|
|
|
Edit AD/LDAP Configuration |
|
|
|
||
|
Import users from AD/LDAP |
|
|
|
||
|
View SSO Apps |
|
|
|
 |
|
|
Configure SSO Apps |
|
|
|
|
|
|
Assign/Unassign SSO |
|
|
|
Can only assign/unassign to themself |
Door access management
|
Permission |
Owner |
Super Admin |
Workspace HR Admin |
Workspace IT Admin |
Workspace Read-only Admin |
|
Set up UID Access |
|
|
|
||
|
View NFC card list and NFC card information |
|
|
|
|
|
|
Delete NFC card |
|
|
|
||
|
Add NFC card in batch mode |
|
|
|
||
|
Add, edit, or delete Door Group/Floor/Door |
|
|
|
||
|
Remote view |
|
|
|
|
|
|
Remote View and Remote Unlock |
|
|
|
||
|
View Door Group/Floor/Door/Elements |
|
|
|
|
|
|
Edit Unlock schedule |
|
|
|
||
|
Edit Door Guard |
|
|
|
||
|
Adopt elements, update firmware, and edit element information |
|
|
|
||
|
Unlock door |
|
|
|
||
|
Submit Feedback |
|
|
|
|
|
|
Update data version |
|
|
|
||
|
View access policy/schedule/holiday group |
|
|
|
|
|
|
Edit access policy/schedule/holiday group |
|
|
|
||
|
View Visitor information |
|
|
|
|
|
|
Add or edit Visitor |
|
|
|
||
|
View Access Logs |
|
|
|
|
|
|
Export Access Logs |
|
|
|
Network management
|
Permission |
Owner |
Super Admin |
Workspace HR Admin |
Workspace IT Admin |
Workspace Read-only Admin |
|
Set up Wi-Fi |
|
|
|
||
|
View Wi-Fi configuration |
|
|
|
|
|
|
Edit Wi-Fi configuration |
|
|
|
||
|
Set up VPN |
|
|
|
||
|
View VPN configuration |
|
|
|
|
|
|
Edit VPN configuration |
|
|
|
Security policy management
|
Permission |
Owner |
Super Admin |
Workspace HR Admin |
Workspace IT Admin |
Workspace Read-only Admin |
|
View Security Policy |
|
|
|
|
|
|
Add, Edit, or delete Security Policy |
|
|
|
Manage assignment
|
Permission |
Owner |
Super Admin |
Workspace HR Admin |
Workspace IT Admin |
Workspace Read-only Admin |
|
Assign/unassign user roles |
|
|
|
||
|
Assign/unassign users to groups |
|
|
|
||
|
Edit user lifecycle |
|
|
|
||
|
Assign/unassign access policy and NFC cards to users |
|
|
|
*Can only assign NFC card for the admin themself |
|
|
Assign/unassign specific Wi-Fi network to users |
|
|
|
*Can only assign Wi-Fi network for the admin themself |
|
|
Assign/unassign specific VPN network to users |
|
|
|
*Can only assign VPN network for the admin themself |
Help Desk management
|
Permission |
Owner |
Super Admin |
Workspace HR Admin |
Workspace IT Admin |
Workspace Read-only Admin |
|
View tickets |
|
|
|
|
|
|
Edit tickets |
|
|
|
Host device management
|
Permission |
Owner |
Super Admin |
Workspace HR Admin |
Workspace IT Admin |
Workspace Read-only Admin |
|
View Host Device information, submit feedback on Host Device |
|
|
|
|
|
|
View UniFi Portal entrance |
|
|
|
|
|
|
Add Host Device admin |
|
|
|
||
|
Delete Host Device |
|
|
|
||
|
Set up UID Agent |
|
|
|
Site-level permissions
User management
|
Permission |
Site Admin |
Site HR Admin |
Site IT Admin |
Site Read-only Admin |
|
View users and groups |
|
|
|
|
|
Add, edit, and delete users and groups |
|
|
Door access management
|
Permission |
Site Admin |
Site HR Admin |
Site IT Admin |
Site Read-only Admin |
|
Set up UID Access |
|
|
||
|
View NFC card list and NFC card information |
|
|
|
|
|
Delete NFC card |
|
|
||
|
Add NFC card in batch mode |
|
|
||
|
Add, edit, or delete Door Group/Floor/Door |
|
|
||
|
Remote view |
|
|
|
|
|
Remote View and Remote Unlock |
|
|
||
|
View Door Group/Floor/Door/Elements |
|
|
|
|
|
Edit Unlock schedule |
|
|
||
|
Edit Door Guard |
|
|
||
|
Adopt elements, update firmware, and edit element information |
|
|
||
|
Unlock door |
|
|
||
|
Submit Feedback |
|
|
|
|
|
Update data version |
|
|
||
|
View access policy/schedule/holiday group |
|
|
|
|
|
Edit access policy/schedule/holiday group |
|
|
||
|
View Visitor information |
|
|
|
|
|
Add or edit Visitor |
|
|
||
|
View Access Logs |
|
|
|
|
|
Export Access Logs |
|
|
Network management
|
Permission |
Site Admin |
Site HR Admin |
Site IT Admin |
Site Read-only Admin |
|
Set up Wi-Fi |
|
|
||
|
View Wi-Fi configuration |
|
|
|
|
|
Edit Wi-Fi configuration |
|
|
||
|
Set up VPN |
|
|
||
|
View VPN configuration |
|
|
|
|
|
Edit VPN configuration |
|
|
Manage assignments
|
Permission |
Site Admin |
Site HR Admin |
Site IT Admin |
Site Read-only Admin |
|
Assign/unassign user roles |
|
|||
|
Assign/unassign users to groups |
|
|
||
|
Edit user lifecycle |
|
|
||
|
Assign/unassign access policy and NFC cards to users |
|
|
*Can only assign NFC card for the admin themself |
|
|
Assign/unassign specific Wi-Fi network to users |
|
|
*Can only assign Wi-Fi network for the admin themself |
|
|
Assign/unassign specific VPN network to users |
|
|
*Can only assign VPN network for the admin themself |
Help Desk management
|
Permission |
Site Admin |
Site HR Admin |
Site IT Admin |
Site Read-only Admin |
|
View tickets |
|
|
|
|
|
Edit ticket status |
|
|
Host device management
|
Permission |
Site Admin |
Site HR Admin |
Site IT Admin |
Site Read-only Admin |
|
View Host Device information, submit feedback on Host Device |
|
|
|
|
|
View UniFi Portal entrance |
|
|
|
|
|
Add Host Device Admin |
|
|
||
|
Delete Host Device |
|
|
||
|
Set up UID Agent |
|
|
Create custom user roles
Workspace owners and super admins can create custom admin roles to grant customized permissions.
To create a custom user role:
1. Log in to the UID Portal as the owner or super admin.
2. Go to the Users > Roles section and click Add Custom Role.
3. Enter the role name, select a permission range, and specify the permissions as needed.
4. Click Add to confirm your settings and create the custom user role.
To edit the custom user role, click on the custom role, modify the permissions and other details as necessary, and click Save to confirm the changes.
Select or remove a role from a user
To select a role for a user:
1. Go to the Users > Admins section and click Add Admin.
2. Select the role and the user and click Add to confirm.
To remove a role from a user:
1. Click on the user on the Users > Admins section, click the X symbol to remove a user role, and click Save to confirm, or
2. Hover over the user you want to remove the role from and click Remove.
Create groups
When a new workspace is created, a root organization with the same name as the workspace is created automatically. This is the highest organization level in the workspace and cannot be modified.
However, you can create sub-organizations in the form of sites and user groups.
Note: Only owners, super admins, or site admins can create and manage user and site groups.
Create a new site
1. Go to Settings > Sites > Add a New Site.
2. Follow the instructions on-screen to enter the required information and click Done to add the new site.
Create a user group
1. Go to Users > Groups section and click Add Sub-Group.
2. Enter the group name and click Add to create the new group.
