Is there any chance that some of future version of RoS have option to use address list in places such services, users… (in option like Available From/Allowed Address)?
Services (whatever you mean by that) can already be limited like that by building a firewall rule that blocks acccess unless accessed from address list xyz.
If you want to limit by user, you will have to track them somehow, e.g. via Radius. The question is then if you want to track their IP addresses (address list) or the sessions/connections which would be quite a bit more complex.
IP → Services, and than you can put IP addresses in Available From, but it be much easier if there is some way to use address list from some other option, like firewall, or to have custom lists for options like this.
Example for Winbox port:
add chain=input action=accept protocol=tcp src-address-list=YourAccessListHere in-interface-list=WANinterfaces dst-port=8291
add chain=input action=drop protocol=tcp src-address-list=!YourAccessListHere in-interface-list=WANinterfaces dst-port=8291
First rule allows all connections to Winbox port 8291 from IP adresses in “YourAccessListHere” when they enter the system from on of the interfaces in the interface list “WANinterfaces”
Second rule blocks all connections to Winbox port 8291 from IP adresses NOT in “YourAccessListHere” when they enter the system from on of the interfaces in the interface list “WANinterfaces”
Probably thinking of things like in Route Rules and other places where IP address is permitted but not firewall-address-lists.
@zemzema use VPN for manage something from users, do not allow direct access to the services inside the routerboard…
If you think that you need access lists for that, for sure you do not see the thing with the right prospective…