I tried to set up user which could do only testing functions (ping, traceroute etc..), nothing else:
As you can see, I allowed the user to log in via winbox/ssh and I allowed running "test" commands which is described as:
Code: Select all
/user group add name=pinger policy="ssh,test,winbox,!local,!telnet,!ftp,!reboot,!read,!write,!policy,!password,!web,!sniff,!sensitive,!api,!romon,!dude,!tikapp" /user add name=pinger group=pinger
However, my experiment shows that user can't run anything, not even simple "ping" unless the "read" permission is given as well. I wanted to avoid that because I do not want the user to see all configuration...test - policy that grants rights to run ping, traceroute, bandwidth-test, wireless scan, sniffer, snooper and other test commands
As my experience somehow contradicts, what is written in manual, I am wondering if there is any "beginners" mistake which I did?