Hi all,
I've go a need to create a reasonably generic "admin" user with rights to update specific configuration aspects of RouterOS.
To be more precise, I'd like to enable a user to update pretty much everything to do with wireless, including SSID, channels and pretty much everything else, however I don't want him to be able to tamper with the devices as such. Specifically we'll be creating a bridge over two of the three ethernet ports and the wireless interface, and two pppoe connections over the other. We don't want the user to be able to access anything with regards to this bridge and pppoe config, but (s)he needs to be able to configure the IP assigned to br0. We'll also be storing a few scripts on the router which we don't want the admins to tamper with.
From what I can see the access controls we can grant read and/or write privileges on the config as a whole, but we can't seem to deny access to specific configuration areas (or even if it's the other way round, we're willing to grant access to specific bits that makes sense).
Any ideas?