146
AT-WR4500 Series - IEEE 802.11abgh Outdoor Wireless Routers
RouterOS v3 Configuration and User Guide
7.3.2
Router User Groups
Submenu level:
/user group
Description
The router user groups provide a convenient way to assign different permissions and access rights to
different user classes.
Property Description
name
(
name
) - the name of the user group
policy
(
multiple choice:
local | telnet | ssh | ftp | reboot | read | write | policy | test | winbox | password |
web | sniff) - group policy item set
local
- policy that grants rights to log in locally via local console
telnet
- policy that grants rights to log in remotely via telnet
ssh
- policy that grants rights to log in remotely via secure shell protocol
ftp
- policy that grants remote rights to log in remotely via FTP and to transfer files from and to the
router. Keep in mind that the user allowed to transfer files, may also upload a new RouterOS version
that will be applied upon the next reboot
reboot
- policy that allows rebooting the router
read
- policy that grants read access to the router's configuration. All console commands that do not
alter router's configuration are allowed
write
- policy that grants write access to the router's configuration, except for user management. This
policy does not allow to read the configuration, so make sure to enable
read
policy as well
policy
- policy that grants user management rights. Should be used together with
write
policy
test
- policy that grants rights to run ping, traceroute, bandwidth-test and wireless scan, sniffer and
snooper commands
winbox
- policy that grants rights to connect to the router remotely using WinBox interface
password
- policy that grants user option to change own password
web
- policy that grants rights to log in remotely via WebBox
sniff
- policy that grants access to the packet sniffer facility
There are three system groups which cannot be deleted:
0 name="read" policy=local,telnet,ssh,reboot,read,test,winbox,password,web,
sniff,!ftp,!write,!policy
1 name="write" policy=local,telnet,ssh,reboot,read,write,test,winbox,password,
web,sniff,!ftp,!policy
2name="full"policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,passw
ord,web,sniff
Exclamation sign '
!
' just before policy item name means
NOT
.