How to hide some elements to specific users

[Eduardo]

Hi, i need to hide some elements to specific users.

I created a new users, and i gave it the following permissions: 

I created this role and i mapped the user:

Then I created a policy that allows the user to see just his agents

But now when i log in with the user i get this error. It doesn't seem to affect anything, but it appears everytime. What can i do?

now, when i try to access to the index management, i get an error that says i don't have permission, and that's ok:

but when i go to stack management, i can modify the index patterns and the advanced settings. How can i disable it???

How can i disable that? Is there a way to hide some elements of the menu to specific users too? I want this user to see just his agents and some dashboards.

right now this users sees every option from the menu:

Thank you.

[Gabriel Diaz Lopez de la Llave]

Hello Eduardo,

The permissions the dashboard support are documented in 

https://opensearch.org/docs/2.6/security/access-control/permissions/ 

Unfortunately there are no permissions available to limit the visibility of the menus you mention as far as I understand them.

The error you're seeing "3013- permission denied: Resource type *.*" comes from a bug fixed in https://github.com/wazuh/wazuh-kibana-app/pull/5201 it will be released in Wazuh 4.6.0.

Gabriel

[Eduardo]

Thank you!

But then the user i created shouldn't be able to change the advanced setting and the index patterns from stack management right? is there a way to prevent a user to be able to change things from there?

[Gabriel Diaz Lopez de la Llave]

I believe the action groups you posted included index_all and that will give you permissions over the index patterns as stated in the documentation (the permissions for indexes and index patterns are the same I believe)

Also, the enforcement of these permissions are managed by each component of the dashboard. That's why the permissions' documentation is organized that way,

[Sergey S]

Hello Gabriel.

I'm developing RBAC for our Wazuh and faced with error "3013- permission denied: Resource type *.*". But it seems that RBAC works as expected, so required access users has.

We use Wazuh-dashboard 4.4.3. As i see from you link, this bug is in Kibana App.

Will it also be fixed in Wazuh-dashboard 4.6.0? Or there is another problem (not this bug)

Thanks in advance for your response

вторник, 25 июля 2023 г. в 12:33:53 UTC+2, Gabriel Diaz Lopez de la Llave:

[Gabriel Diaz Lopez de la Llave]

It should be fixed in 4.6.0 yes. I am not aware of any other bug related to this.

--
You received this message because you are subscribed to a topic in the Google Groups "Wazuh | Mailing List" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/wazuh/Cx57zocN9os/unsubscribe.
To unsubscribe from this group and all its topics, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/8392d9f0-bfa9-4dbb-b597-faa4232a8823n%40googlegroups.com.

[Sergey S]

Thank you Gabriel.

Have a nice day

понедельник, 4 сентября 2023 г. в 15:23:51 UTC+2, Gabriel Diaz Lopez de la Llave: