UniFi - controller administrators explained

When accessing a UniFi controller, there are several administrator account types to choose from - with each differing in access rights and functionality.

In this guide, we will give you a whirlwind tour of the different administrator account types to choose from, as well as how to set them up.

The controller administrator accounts can be created in both the Classic Interface and the New Interface within the UniFi Cloud controller.

In the Classic Interface, simply navigate to Settings -> Admins to create and edit administrator accounts:

In the New Interface, navigate to Settings -> System -> Admins in order to add and change administrator accounts:

Super-administrator rights

Super administrators carry the maximum level of controller access permissions.  These administrator accounts will be able to view all sites within the controller, as well as change any type of configuration setting.  

Super administrators will also be able to demote and remove other super administrators.  These administrator accounts should only be provided to the most trusted parties.

Administrator (Site admin) rights

The administrator rights (now named "Site administrator", in the New Interface) are single-site administrators.  These accounts can be tailored to have varying levels of controller permissions.  The main limitation is they can only view/change a single site, rather than all sites (as a Super Administrator account would have the ability to).  

While administrator accounts are site-specific, read-only access can, however, be given to allow the administrator to view the rest of the sites.

Site administrator accounts come in handy when you wish to provide a site-specific party with controller access (for example, if you are an MSP hosting the network for a restaurant: you may wish to provide the restaurant's IT staff with site administrator rights, so that they can also oversee and change configurations for their specific network).

Read-only rights

Read-only accounts can - as the name suggests - only view sites.  These accounts will not be able to change any of the network configuration, and are simply used to oversee the network.

A good use case for read-only rights is (as an MSP) providing the end-venue with an account to oversee their network and clients listing, without giving them permissions to change any configurations.

Remote access accounts are linked to your UBNT Cloud account.  This will add your UniFi Cloud controller into your Cloud panel at network.unifi.ui.com.

The advantage of using the UBNT Cloud panel is that all of your controllers - Hubox or otherwise - will then be viewable via a centralized UI, and can be quickly launched without the need to input any further credentials.

For any questions, queries - or anything else UniFi, Omada, or UISP related - please feel free to get in touch with Hubox Support.  We'll be happy to help and advise you on any network-related queries :)