What's the difference between the Master Administrator, Administrator and Viewer accounts in the Omada Controller?

TL-SG2008P , TL-SG3452X , TL-R605 , TL-SG3452XP , EAP245( V3 V4 ) , EAP230-Wall , TL-SG2210P( V3 V3.20 V4 V5 ) , SG2210MP , TL-SX3008F , ER7206 , ER8411 , EAP115( V4 V4.20 V5 ) , EAP235 , TL-SL2428P( V4 V4.20 V5 V6 ) , TL-SX3016F , S4500-8G , SG2218 , SG3428 , Omada Software Controller( V5 ) , TL-SG3452P , TL-SG3428X , ER605 , EAP650-Outdoor , EAP772-Outdoor( V1 ) , SL2428P , S4500-8GHP2F , EAP660 HD , AP9665 , S4500-16G2F , TL-SG3428XF , ER707-M2 , EAP673 , EAP110( V4 V5 ) , Omada Cloud-Based Controller , EAP670 , EAP235-Wall , TL-SG2210MP , SG3210 , SG3452 , SG3452X , TL-SG3210XHP-M2 , S5500-24GP4XF , EAP225( V3 V3.20 V4 V5 ) , TL-SG2428P , EAP610-Outdoor , EAP115-Wall , SG3428XF , SG2428LP , EAP225-Wall( V2 ) , EAP225-Outdoor , EAP223 , SX3008F , SG3428MP , SG3428X , EAP725-Wall , SG3452P , EAP265 HD , SX3016F , EAP620 HD , SG2428P , SG2008P , SG3452XP , EAP613 , EAP610 , EAP653 , TL-SG3428 , TL-SG2218 , SG2210P , EAP655-Wall , S5500-4XHPP2XF , EAP615-Wall , S5500-8MHP2XF , TL-ER7206 , TL-SG3428MP , TL-SG2008( V3 V4 ) , EAP650 , TL-SG3452 , TL-SG3210( V3 ) , EAP690E HD , TL-SX3206HPP , EAP623-Outdoor HD , EAP650-Wall , SG3428XMP , EAP110-Outdoor( V3 V4 ) , TL-SG3428XMP , SX3206HPP
Recent updates may have expanded access to feature(s) discussed in this FAQ. Visit your product's support page, select the correct hardware version for your device, and check either the Datasheet or the firmware section for the latest improvements added to your product. Please note that product availability varies by region, and certain models may not be available in your region.
Overview
When you are ready to add new administrators to your Omada Controller, there are three account roles you can assign: Master Administrator, Administrator, and Viewer. The role assigned to a user determines that user's level of rights and access.
*Omada Controller V5.9 and up supports customized user role settings. These 3 roles remain the default options.
When you add a new user to an Administrator or Viewer role, you can specify which sites they have permission to access. These users cannot see sites beyond their assigned authorization, and their management is limited to their assigned sites and role. Master Administrator users have full access and can assign lesser roles and access.
Account Description
1) Master Administrator
This role is assigned to the user who sets up the Controller for the first time. The account’s login will be tagged as a Master Administrator account and will have full access to the Controller and all sites and systems it manages.
2) Administrator account
Administrator accounts have more access than a Viewer account but less than a Master Administrator account. The account cannot access the following options:
- Global-View: Logs
- Global-View: Settings
- Site view: Transmission > Quality of Services
- Site view: VPN > WireGuard
- Site view: Profiles > Service Type
- Site view: Services > DNS Proxy
- Site view: Services > Export Data
- Log out (top right corner)
3) Viewer account
Viewer accounts have the following restrictions:
No access: You cannot get to it or see anything
- Site > Device Account
- Wired > Internet > WAN
- Wireless Networks > WLAN > AI WLAN Optimization
- VPN > VPN > IPsec Failover / SSL VPN
- Services > DHCP Reservation / Dynamic DNS / SNMP
- Account Settings (top right corner)
View only: You have access to it but have no permission to edit or see details of existing entries
- Dashboard
- Map
- Devices > Device List
- Insight
- Logs
- Tools
- Report
- Wired Networks > Internet > WAN mode
- Wired Networks > Internet > LAN
- Wireless Networks > WLAN
- Network Security > ACL
- Network Security > URL Filtering
- Network Security > Attack Defense
- Network Security > Firewall
- Network Security > IP-MAC Binding
- Transmission
- Authentication > Portal / MAC-Based Authentication / RADIUS Profile / LDAP
- Services > mDNS / UPnP / SSH / Reboot Schedule / PoE Schedule / IPTV / Upgrade Schedule
Customized roles - Omada Controller v5.9+
After you have upgraded your Omada Controller to v5.9 or higher, you’ll be able to assign customized roles with the permissions you want a specific user to have.