My company currently has all of our Engineers using the admin account in our MikroTik routers. We have added several new people lately and this growth has prompted the need to trace any changes that were made back to the person responsible. Rather than go to each of our 30+ routers individually and add an account (or remove an account if an employee leaves) we decided the best option was to setup User Manager in order to validate our RouterOS logins. I have userma setup and running on an old RB1000 running 5.26 and I have setup an account which I can login with, however I have noticed a couple things:

1: I do not have access to any terminal (telnet, ssh, or within winbox). I receive a login prompt when i connect but it will not authenticate. Every other task can be performed as normal.
2: I do not see a way to set different policies to the user accounts. Currently the default group is set to full, so all users would have complete access to the router (with the above exception). I would like to be able to specify additional group policies so my techs can have read access, and my backups have their own special access. Am I missing something, or is this something that userman just cannot do?

Any information would be helpful, thanks.