Site icon System Zone

MikroTik User Management (RouterOS User)

MikroTik User Management plays an important role in MikroTik system administration as well as MikroTik security. Don’t be confused the title User Management with the MikroTik UserManager. UserManager is an optional and totally separate package distributed by MikroTik. UserManager is an implementation of Radius server that is used to maintain not only RouterOS users but also PPPoE, PPTP, Hotspot, Wireless and DHCP users. In my few future articles, I will discuss how to maintain these users with MikroTik UserManager Radius server.

MikroTik RouterOS has a local user database which defines how to create login user and how to assign their permission. Without proper user management it is impossible to maintain MikroTik administration level as well as MikroTik security because most of the cases MikroTik Router will function in public network and thousands of hackers in public network will try to destroy your MikroTik Router configuration. So, as a network admin of MikroTik Router it is your first duty to know how to manage MikroTik RouterOS users properly.

MikroTik User List Window

In this article we will learn how to manage MikroTik RouterOS users with proper permission.

How to Create MikroTik RouterOS User

By default admin user who has full permission is created with no password while running MikroTik RouterOS first time. So, after login first time it is your first duty to assign a strong password to admin user. I always prefer to remove admin user and creating another user with full permission because admin is a known user and a hacker will always try to login to your MikroTik Router with admin user. So, if you keep this admin user, half of his work is done and he just needs to guess your password to login in your MikroTik router. On the other hand, if you remove admin user, it will be very difficult to guess your full permission user as well as his password.

In Winbox software, users will be found in System > Users menu item and the following steps will show how to create a RouterOS user with Winbox software.

A new user has been created successfully. Sometimes you may need to edit your existing user’s property. Now I will show you how to edit your existing users.

How to Edit MikroTik RouterOS User

User editing is easier than creating a new user. The following steps will show you how to edit your existing user’s property so easily.

How to Remove, Disable or Enable MikroTik RouterOS user

Sometimes you may need to remove, disable or enable your MikroTik user. Removing (or disabling and enabling) user is so easy. Just right click on your desired user and then choose your option what you want to do from the appeared option panel.

How to Create Custom Permission Level


User’s permission level is located under Group tab. By default three permission levels (called user Group) is created but you can create as many user permission levels as you want and can assign their policies. The following steps will show you how to create a new user group with policies.

 

  • Click on Groups tab and then click on PLUS SIGN (+) to create a new group. New Group window will appear.
  • Put your custom group name in Name input box.
  • Now choose policies for this group from Policies panel. Available policies and their description are given below table.
    Policy Name Description
    local User can log on locally via console
    telnet User can log on remotely via telnet
    ssh User can log on remotely via secure shell
    winbox User can log on remotely via winbox
    ftp User can log on remotely via ftp and send and retrieve files from the router
    reboot User can reboot the router
    read User can retrieve the configuration
    write User can retrieve and change the configuration
    policy Manage user policies, add and remove user
    test User can run ping, traceroute, bandwidth test
    web user can log on remotely via https
    ppp User can log on using ppp connections to the router (PPP, PPTP, PPPoE)
    api User can access router via api
  • After choosing group policies, click Apply and OK button.

How to manage MikroTik RouterOS users has been discussed in this article. I hope you are now able to manage and secure your MikroTik Router easily. However, if you face any problem to manage your MikroTik RouterOS user, feel free to discuss in comment or contact with me from Contact page. I will try my best to stay with you.

Exit mobile version