Community discussions

 
User avatar
vecernik87
Member
Member
Topic Author
Posts: 352
Joined: Fri Nov 10, 2017 8:19 am

group permission "test"

Tue Dec 04, 2018 2:28 am

I do not consider myself as beginner but this particular question is so simple that I believe it belongs here.
I tried to set up user which could do only testing functions (ping, traceroute etc..), nothing else:
/user group add name=pinger policy="ssh,test,winbox,!local,!telnet,!ftp,!reboot,!read,!write,!policy,!password,!web,!sniff,!sensitive,!api,!romon,!dude,!tikapp"
/user add name=pinger group=pinger
As you can see, I allowed the user to log in via winbox/ssh and I allowed running "test" commands which is described as:
test - policy that grants rights to run ping, traceroute, bandwidth-test, wireless scan, sniffer, snooper and other test commands
However, my experiment shows that user can't run anything, not even simple "ping" unless the "read" permission is given as well. I wanted to avoid that because I do not want the user to see all configuration...

As my experience somehow contradicts, what is written in manual, I am wondering if there is any "beginners" mistake which I did?
 
sebastia
Long time Member
Long time Member
Posts: 662
Joined: Tue Oct 12, 2010 3:23 am

Re: group permission "test"

Wed Dec 05, 2018 11:23 pm

Hey

I don't think "it's just you". Same experience here: the policy grouping / consistency / effectiveness needs to be looked at by Mikrotik.

Who is online

Users browsing this forum: emilst and 28 guests