Read-Only User who can save Visualizations

[Khul Sat]

Greetings!
I was trying to configure a read-only user who would only have access to save visualizations. Referred https://documentation.wazuh.com/current/user-manual/api/rbac/index.html but was not able to fulfill the requirement.

I still get the pop-up message at bottom right corner as - Error on saving 'xyz name' . Forbidden.
Does it have to do anything with https://github.com/opensearch-project/security-dashboards-plugin/issues/916#issuecomment-1554076384 comment?

Please advise and guide a way forward.

Thanks, KS

​

[Md. Nazmur Sakib]

Hi Khul Sat,

Hope you are doing well. Thank you for using Wazuh.

I think you are referring to creating an internal user. 

Check this document for detailed guidelines to create and map internal users.

https://documentation.wazuh.com/current/user-manual/user-administration/rbac.html

There is also a use case to create read-only user:

https://documentation.wazuh.com/current/user-manual/user-administration/rbac.html#creating-and-setting-a-wazuh-read-only-user

If you still face issues. Please let me know.

Regards

Md. Nazmur Sakib

[Khul Sat]

Hello,

I followed the same steps to create readonly user. Everything works well but the user is not able to save the visualizations. I think there is a need of modifying roles to make it works. Could you please help what all extra permissions required so that user is able to save visualizations? (User must be a readonly though.)

Thanks,KS

[Md. Nazmur Sakib]

Hi Khul Sat,

I hope you are doing well. 

To achieve this.

Click the upper-left menu icon ☰ to open the available options and click Wazuh.

Click Wazuh to open the Wazuh dashboard menu, select Security, and Click Roles to open the tab, click Create Role, and fill in the empty fields with the requested information.

• Role name: Assign a name to the new role.

• Policies: Select all the below policies the read-only user has. Additionally, add some policies that the admin user has to achieve your needs. To save visualization you might need to give some extra permissions which capability will be more than saving visualization. Be careful about that. Also, avoid unnecessary policies for the new user like decoders_all_files. Make changes and test the user before providing it to the end-user.

agents_read_agents

agents_read_groups

ciscat_read_ciscat

cluster_read_resourceless

cluster_read_nodes

decoders_read_decoders

lists_read_rules

rootcheck_read_rootcheck

rules_read_rules

mitre_read_mitre

sca_read_sca

syscheck_read_syscheck

syscollector_read_syscollector

vulnerability_read_vulnerability

Check this document for reference.

https://documentation.wazuh.com/current/user-manual/user-administration/rbac.html#mapping-with-wazuh

I hope this helps. Please let me know if you need any further information.

Regards

Md. Nazmur Sakib

[Khul Sat]

Thanks a lot for your help!

Gone through the permissions and looks like nothing is related to the saving the visualization. Also one doubt to clarify, permissions to be set up on cluster level or indices level?

As when checked, there are two areas where permission can be configured.

Regards,KS

[Md. Nazmur Sakib]

Hi Khul Sat

Hope you are doing well. Sorry for the late response.

Cluster-level privileges: These privileges define the cluster-level actions users with this role are able to execute. 

Indices level privileges: The owners of the role have on index level, the associated data streams and indices specified in the names argument.

Check the document to learn more:

https://www.elastic.co/guide/en/elasticsearch/reference/current/defining-roles.html

Regards

Md. Nazmur Sakib