Manage access to the admin console with Network Admin, IT Admin, and Auditor roles

We’ve added more user roles to make it easier to manage access to your network. Now, in addition to your tailnet Owner, Admins, and Members, you can give users the roles of Network Admin, IT Admin, and Auditor. This lets users access the admin console without the full permissions of an Admin.

The new roles are:

Read our documentation on user roles to get a full list of permissions each role has.

Separating Admin permissions into Network Admin and IT Admin helps larger organizations meet requirements for separation of duties, so that adding a device and changing its ACL will require two users to take action. If you’re a smaller organization or don’t have this need, the Admin role isn’t going anywhere and lets you manage both.

User roles are different from access control lists (ACLs). User roles are Identity & Access Management (IAM) roles used to restrict access to the admin console, which includes accessing your network configuration; whereas ACLs are used to restrict which users and devices can communicate in your network.

To grant a user a role, navigate to the Users tab of the admin console, and for an individual’s row, select a new role.

Subscribe for monthly updates

Product updates, blog posts, company news, and more.

Too much email? RSS Twitter