Tue Jul 11, 2023 11:39 pm
No you not doing anything wrong. It is protecting you from locking yourself out of the router.
You first have to create or have a second user with full access, and as you have already done.
Then set the Admin to read, apply, expire the password and then disable it. I prefer to expire the password after setting it to read. This to use it as a decoy/slowdown for any attackers.
update: you can even create a group with no rights instead of read. Hoping Mikrotik did not make the obvious mistake that no rights is the same as all rights. ;-)