Very common approach.
My home vlan is 11 and that covers both wired and wireless (and can be tied to specific SSIDs and usually jusgt 5ghz)
My IOT vlan is 15 for both wired and wireless (on separate SSIDs usually just 2ghz)
I have numerous other vlans to separate specific computers or devices on the wired side
All my vlans have internet access only.
Home vlan has a printer on it.
Some vlans (other isolated PCs) have access to the shared printer as well.
ONly the admin computer (desktop) and laptop have access to the router itself for admin purposes
Only the admin computer has access to all vlans.
All the vlans have access to the router itself for ONLY port 53 (DNS).
Etc.
Best guideā¦
http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1