New user to access elasticsearch


Salman Kazmi

Apr 1, 2021, 1:35:01 AM
to Wazuh mailing list
Hi Team,

I have created a new user to access my dashboard. I want to restrict that user to view logs only of the connected agent. What rights should be given to that internal user?

Attached screenshot is of the internal user created.

Regards,
Kazmi
eal.PNG

Manuel Camona Perez

Apr 5, 2021, 4:03:02 AM
to Wazuh mailing list
Hi Kazmi,

First of all, to avoid the Forbidden message, you have to assign the kibana_user role to the user you created.

To do it, go to Security > Roles > kibana_user and assign the role to the user.

With that role, your user will be able to log in to Kibana, but he won't be able to see the Kibana dashboards.

After that, you will need to create a custom role. This custom role will include permissions to see the index wazuh-*. That way the user will be able to see the dashboards corresponding to that index. 
In order to see events from a specific agent, you will have to include a Document Level Security specification when creating the custom role.

In the attached image you can see the new role's index permissions and document level security.

The document level security is:

{
  "bool": {
    "must": {
      "match": {
        "agent.name": "<YOUR_AGENT_NAME>"
      }
    }
  }
}

which indicates the documents (events) shown with this role are the documents with agent.name = your specific agent name.

More information about the Document level security.

Assign the new role to the user following the same steps indicated to assign kibana_user and that user will only see events from the agent you specified.

I hope this helps, let me know if you have more questions!
index permissions
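
The role described in the reply above, written out as REST request bodies (an added example, not part of the original thread or of Wazuh's code). It assumes the Open Distro security plugin's role and role-mapping API paths and body format, which the thread does not name; the role name, user name, agent name and sample events are constructed.

```python
import json

# Assumption: Open Distro security plugin REST paths (not stated in the thread).
ROLES_API = "_opendistro/_security/api/roles/{name}"
MAPPING_API = "_opendistro/_security/api/rolesmapping/{name}"


def dls_for_agent(agent_name):
    """Return the thread's DLS query for one agent, serialized as a string."""
    if not isinstance(agent_name, str) or not agent_name.strip():
        raise ValueError("agent name must be a non-empty string")
    query = {"bool": {"must": {"match": {"agent.name": agent_name}}}}
    # json.dumps escapes quotes and backslashes, so the name cannot alter the query.
    return json.dumps(query)


def build_role(agent_name, index_pattern="wazuh-*"):
    """Role body: read-only access to the index pattern, filtered by DLS."""
    return {
        "cluster_permissions": [],
        "index_permissions": [{
            "index_patterns": [index_pattern],
            "dls": dls_for_agent(agent_name),  # sent as a string, not an object
            "allowed_actions": ["read"],
        }],
    }


def build_requests(role_name, user, agent_name):
    """Return (method, path, body) tuples: create the role, then map the user."""
    # PUT replaces a whole mapping, so the shared kibana_user mapping is not touched here.
    return [
        ("PUT", ROLES_API.format(name=role_name), build_role(agent_name)),
        ("PUT", MAPPING_API.format(name=role_name), {"users": [user]}),
    ]


def visible(events, role):
    """Offline check of which constructed events the DLS filter would return.
    Assumes agent.name is a keyword field, so match behaves as equality."""
    wanted = json.loads(role["index_permissions"][0]["dls"])
    name = wanted["bool"]["must"]["match"]["agent.name"]
    return [e for e in events if e.get("agent", {}).get("name") == name]


if __name__ == "__main__":
    for method, path, body in build_requests("agent_web01_ro", "viewer1", "web01"):
        print(method, path, json.dumps(body, indent=2))
```

After applying a role like this, log in as the restricted user and confirm that a search across wazuh-* returns no events from any other agent.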

Salman Kazmi

Apr 5, 2021, 4:27:49 AM
to Wazuh mailing list
Hi,

Thanks for your response, Manuel.

I have made it but got a new error for tenants. I have changed multitenancy from false to true in "kibana.yml", but it is still not allowing me to move forward.
Please see the picture attached below.

Regards,
Kazmi.
ANF.PNG

Manuel Camona Perez

Apr 5, 2021, 5:21:00 AM
to Wazuh mailing list
Hi Kazmi,

This appears to be a bug that has already been reported and fixed here and here, respectively.
I have been searching in the Kibana releases and the fix hasn't been released yet.

Have a look at the issue and check if the fix reported is for the same use case as the one you were trying.

Here you can find a question another member of the team answered about multi-tenancy. It shows an example of how to use it. Have a look at it and check that you are doing every step correctly.