MikroTik User Management plays an important role in MikroTik system administration as well as MikroTik security. Don’t be confused the title User Management with the MikroTik UserManager. UserManager is an optional and totally separate package distributed by MikroTik. UserManager is an implementation of Radius server that is used to maintain not only RouterOS users but also PPPoE, PPTP, Hotspot, Wireless and DHCP users. In my few future articles, I will discuss how to maintain these users with MikroTik UserManager Radius server.
MikroTik RouterOS has a local user database which defines how to create login user and how to assign their permission. Without proper user management it is impossible to maintain MikroTik administration level as well as MikroTik security because most of the cases MikroTik Router will function in public network and thousands of hackers in public network will try to destroy your MikroTik Router configuration. So, as a network admin of MikroTik Router it is your first duty to know how to manage MikroTik RouterOS users properly.
In this article we will learn how to manage MikroTik RouterOS users with proper permission.
How to Create MikroTik RouterOS User
By default admin user who has full permission is created with no password while running MikroTik RouterOS first time. So, after login first time it is your first duty to assign a strong password to admin user. I always prefer to remove admin user and creating another user with full permission because admin is a known user and a hacker will always try to login to your MikroTik Router with admin user. So, if you keep this admin user, half of his work is done and he just needs to guess your password to login in your MikroTik router. On the other hand, if you remove admin user, it will be very difficult to guess your full permission user as well as his password.
In Winbox software, users will be found in System > Users menu item and the following steps will show how to create a RouterOS user with Winbox software.
- Go to System > Users menu item. User List window will appear.
- Click on PLUS SIGN (+) to create a new user. New User window will appear.
- Now put username or login name in Name input field.
- Choose user permission from Group dropdown menu. By default three permission levels are present: full, read and write. Full permission means an administrator user who has all privileges, read permission will allow only view the configuration and write permission will allow all the privileges except ftp and policy permission. I will discuss about custom permission level and their privileges in the next section elaborately. Now choose your user’s permission level what you want from Group dropdown menu.
- Optionally you can assign user IP address from which he is allowed to login to the system. If you want to assign IP address, put it in Allowed Address input box. You can also assign multiple IP address by clicking right side arrow sign.
- Put user password in Password input box and retype your password in Confirm Password input box.
- Click Apply and OK button.
A new user has been created successfully. Sometimes you may need to edit your existing user’s property. Now I will show you how to edit your existing users.
How to Edit MikroTik RouterOS User
User editing is easier than creating a new user. The following steps will show you how to edit your existing user’s property so easily.
- Just double click on your user which you want to edit. User property window will appear.
- Now you can edit username or login name, user permission level as well as user’s allowed IP address.
- If you want to change user’s password, click on Password button from button panel and change user’s password.
- Click Apply and OK button.
How to Remove, Disable or Enable MikroTik RouterOS user
Sometimes you may need to remove, disable or enable your MikroTik user. Removing (or disabling and enabling) user is so easy. Just right click on your desired user and then choose your option what you want to do from the appeared option panel.
How to Create Custom Permission Level
User’s permission level is located under Group tab. By default three permission levels (called user Group) is created but you can create as many user permission levels as you want and can assign their policies. The following steps will show you how to create a new user group with policies.
- Click on Groups tab and then click on PLUS SIGN (+) to create a new group. New Group window will appear.
- Put your custom group name in Name input box.
- Now choose policies for this group from Policies panel. Available policies and their description are given below table.
Policy Name Description local User can log on locally via console telnet User can log on remotely via telnet ssh User can log on remotely via secure shell winbox User can log on remotely via winbox ftp User can log on remotely via ftp and send and retrieve files from the router reboot User can reboot the router read User can retrieve the configuration write User can retrieve and change the configuration policy Manage user policies, add and remove user test User can run ping, traceroute, bandwidth test web user can log on remotely via https ppp User can log on using ppp connections to the router (PPP, PPTP, PPPoE) api User can access router via api - After choosing group policies, click Apply and OK button.
How to manage MikroTik RouterOS users has been discussed in this article. I hope you are now able to manage and secure your MikroTik Router easily. However, if you face any problem to manage your MikroTik RouterOS user, feel free to discuss in comment or contact with me from Contact page. I will try my best to stay with you.