User Privileges
SUMMARY Understand how conflicting privileges are resolved.
The Juniper Mist portal won't allow you to configure multiple privileges for a user; however, you can get into this situation when setting up user accounts through the API.
When different user roles are assigned at different levels (Managed Service Provider, organization, or site), the highest granted privilege applies.
For example, if a user is granted the Super User role at the organization level and the Helpdesk role at the site level, the Super User role takes effect at the site level.
In the API, the /self API query fetches only the explicitly granted privileges for an MSP user. It does not fetch the inherited privileges of the user. To view the inherited privileges at the organization level, you need to run the GET API query ‘/msps/:msp_id/orgs’ at the MSP level. To view the inherited privileges at the site level, run the GET API query (/orgs/:org_id/sites) at the organization level.