Hi,
I have created a user group with limited rights. What Policies would allow them to to save a backup? To be clear, not to export a script .rsc. I backup pulls the passwords, so even if they dumped it onto the same model they would not have access, right? Even if the backup was functional on the new hardware which I doubt it would be.
edit - upon further thought.... I suspect this is not possible and would require "full" admin rights. True? It would be nice to have a policy that would allow a custom group to have the ability to make a backup.
edit ii - Sensitive information
Starting with RouterOS v3.27, the following information is regarded as sensitive, and can be hidden from certain user groups with the 'sensitive' policy unchecked.
Also, since RouterOS v4.3, backup files are considered sensitive, and users without this policy will not be able to download them in any way.
Ok - I gave the users "sensitive" rights and tested, but that did not work either - nor do I want them to be able to download anyway. In any event - thought it may work.
Seems like allowing this backup only/ now download setting may be nice to have. Automated backups... .this is the way.
Anything I am missing please let me know.
Re: Allow limited user rights to make binary backup?
If all you want to do is create a binary backup, but leave it on the router, you don't need to allow that for your limited user group. Create a script to create the file and then a schedule that runs the script at whatever interval that you want. You can also have your script send the file somewhere (FTP, SCP, E-Mail, etc). I do that every evening. Your limited group does not need to be involved at all. Or am I missing what you are trying to do?
Re: Allow limited user rights to make binary backup?
Hey Jim - you are spot on. I will look into doing something like an automated backup and email. I have seen some of these on the forum. I will have a look. I really just one to capture one after it is deployed.If all you want to do is create a binary backup, but leave it on the router, you don't need to allow that for your limited user group. Create a script to create the file and then a schedule that runs the script at whatever interval that you want. You can also have your script send the file somewhere (FTP, SCP, E-Mail, etc). I do that every evening. Your limited group does not need to be involved at all. Or am I missing what you are trying to do?
Thanks for show me the light. Cheers.
Re: Allow limited user rights to make binary backup?
Here is mine. Feel free to adapt for your own purposes...
Code: Select all
# Policies needed: ftp, read, policy, sensitive, test
# Policies NOT needed: password, reboot, write, sniff, romon
:log info "Starting daily backup";
/system backup save name=RB750Gr3-1_Daily
/export file RB750Gr3-1_Daily
/system package print file RB750Gr3-1_Version.txt
:delay 00:00:01
/tool e-mail send file=RB750Gr3-1_Daily.backup to="jim@k6ccc.org" body="Router #1 daily backup file attached." \
subject="RB750Gr3-1 $[/system clock get date] at $[/system clock get time] Backup"
:delay 00:00:10
/tool e-mail send file=RB750Gr3-1_Daily.rsc,RB750Gr3-1_Version.txt to="jim@[redacted]" body="Router #1 daily script and version files attached." \
subject="RB750Gr3-1 $[/system clock get date] at $[/system clock get time] Script"
:log info "Daily backup script completed"
Re: Allow limited user rights to make binary backup?
@k6ccc - thank you sir.
Who is online
Users browsing this forum: ericsboro, Google [Bot] and 199 guests