146

AT-WR4500 Series - IEEE 802.11abgh Outdoor Wireless Routers

 

RouterOS v3 Configuration and User Guide

 

 

7.3.2 Router User Groups

Submenu level: /user group

Description

The router user groups provide a convenient way to assign different permissions and access rights to different user classes.

Property Description

name (name) - the name of the user group

policy (multiple choice: local telnet ssh ftp reboot read write policy test winbox password web sniff) - group policy item set

local - policy that grants rights to log in locally via local console telnet - policy that grants rights to log in remotely via telnet

ssh - policy that grants rights to log in remotely via secure shell protocol

ftp - policy that grants remote rights to log in remotely via FTP and to transfer files from and to the router. Keep in mind that the user allowed to transfer files, may also upload a new RouterOS version that will be applied upon the next reboot

reboot - policy that allows rebooting the router

read - policy that grants read access to the router's configuration. All console commands that do not alter router's configuration are allowed

write - policy that grants write access to the router's configuration, except for user management. This policy does not allow to read the configuration, so make sure to enable read policy as well

policy - policy that grants user management rights. Should be used together with write policy test - policy that grants rights to run ping, traceroute, bandwidth-test and wireless scan, sniffer and snooper commands

winbox - policy that grants rights to connect to the router remotely using WinBox interface password - policy that grants user option to change own password

web - policy that grants rights to log in remotely via WebBox sniff - policy that grants access to the packet sniffer facility

￿

There are three system groups which cannot be deleted:

0 name="read" policy=local,telnet,ssh,reboot,read,test,winbox,password,web, sniff,!ftp,!write,!policy

1 name="write" policy=local,telnet,ssh,reboot,read,write,test,winbox,password, web,sniff,!ftp,!policy

2name="full"policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,passw

ord,web,sniff

Exclamation sign '!' just before policy item name means NOT.

Page 146
Image 146
Allied Telesis AT-WR4500 manual Router User Groups, Submenu level /user group