3013 - Permission denied: Resource type: *:*

Sudo

May 8, 2023, 4:06:44 AM
to Wazuh mailing list
Hello all. I have a problem with my RBAC rules since the update to 4.4. I get the error 3013 for users with read only rights inside wazuh-dashboard.

Since I didn't get any feedback on the Wazuh Discord and was referred here by the trainer from the Wazuh Engineer training, I'll try again to give some more information from my previous research.

The error pattern described below occurred only after upgrading to version 4.4 

```
Error: 3013 - Permission denied: Resource type: *:*
    at createError (https://test.test.de/44006/bundles/plugin/wazuh/wazuh.plugin.js:2:28658)
    at settle (https://test.test.de/44006/bundles/plugin/wazuh/wazuh.plugin.js:8:19613)
    at XMLHttpRequest.onloadend (https://test.test.de/44006/bundles/plugin/wazuh/wazuh.plugin.js:2:26451)
```

The rule assigned to the users contains the following permissions
 
**Actions:**
```
agent:read
vulnerability:read
syscollector:read
ciscat:read
listen:read
mitre:read
rootcheck:read
rules:read
sca:read
syscheck:read
group:read
group:update_config
```

**Resources:**
```
agent:group:CompanyName
```

If I add the resource `*:*:*` the user has no permission to see any agent at all, but the error message is no longer present.
It doesn't seem to matter what other resource I add. Also, a `rule:file:*` seems to override the `agent:group` permissions, so no agents are viewable anymore.

The index permissions have been set according to the RBAC documentation. The only exception here is another tenant to which read and write permissions have been assigned.

If more info is needed, please let me know. Maybe someone can help.

Ifeanyi Onyia Odike

May 8, 2023, 7:25:45 AM
to Wazuh mailing list
Hi Sudo,

Thank you for using Wazuh!

I will take a look at this issue and respond. Do hold on.

BR,

Ifeanyi Onyia Odike

May 8, 2023, 1:56:57 PM
to Wazuh mailing list
Hi Sudo,

I have gone through this issue in detail and I would require some extra time to replicate it.
I will provide a response once this is done.

BR,

Sudo

May 9, 2023, 3:14:46 AM
to Wazuh mailing list
Thanks for your effort

Ifeanyi Onyia Odike

May 9, 2023, 5:24:24 AM
to Wazuh mailing list
Hi Sudo,

Thank you for holding on. I see you may have used the creating and setting Wazuh read-only user guide for your scenario. 
I have tried to replicate the issue and I did not receive the error in your first mail.

Can you follow these basic steps and tell me if it solves the issue:
1. Restart the Wazuh dashboard service and clear your browser cache and cookies.
2. Try to create and log in with a new user using the steps in the link provided above.

Please let us know how it goes.

BR,

Sudo

May 10, 2023, 5:51:57 AM
to Wazuh mailing list
Thanks for the feedback. I have once again performed the steps mentioned:

1. Clearing the cache and cookies does not lead to any change.
2. I went through the process again and have no problem when using the predefined group "readonly". However, when I follow the "Use Case: Give a user permissions to read and manage a group of agents" the problems described above occur again.

I have to create my own policy and role because I don't want users to be able to see all agents, which is done by assigning the resource agent:id:*.

Thanks again for your work

Ifeanyi Onyia Odike

May 10, 2023, 2:37:38 PM
to Wazuh mailing list
Hi Sudo,

Thank you for your response. I will replicate this use case and revert with my findings.
Do hold on.

BR,

Ifeanyi Onyia Odike

May 14, 2023, 12:58:42 PM
to Wazuh mailing list
Hi Sudo,


Can you try replicating the scenario and creating a new group for the user you have created using the steps in the documentation above?

Sergey S

Sep 4, 2023, 8:07:13 AM
to Wazuh | Mailing List
Hello everybody

Wazuh Dashboard, Indexer, Manager 4.4.3
I'm developing RBAC in our Wazuh and have faced this problem too. The case is quite similar - one team has read access only to their agents.
And it doesn't seem like a lack of permissions - users have all required access, but the error is still raised sometimes.
My wazuh policy:
Actions:
  • agent:read
  • group:read
  • ciscat:read
  • vulnerability:read
  • mitre:read
  • rootcheck:read
  • sca:read
  • syscheck:read
  • syscollector:read
  • cluster:read
Resources:
  • agent:group:<some_group_name>
  • group:id:<some_group_name>
Also, found that @Gabriel Diaz Lopez de la Llave<gabrie...@wazuh.com> mentioned this error as a bug:
https://groups.google.com/g/wazuh/c/Cx57zocN9os/m/JntuUrvMBwAJ
but it is about the Wazuh Kibana app, and I think Wazuh Dashboard is another case.

Sunday, May 14, 2023 at 18:58:42 UTC+2, Ifeanyi Onyia Odike:

Gus

Sep 20, 2023, 11:25:37 AM
to Wazuh | Mailing List
Hi all,

Same issue here. v4.5.2 from OVA

Followed documentation here, tried twice:

User seems to be functional, just constantly getting the same error:

```
3013 - Permission denied: Resource type: *:*

createError@https://w.a*****/45202/bundles/plugin/wazuh/wazuh.plugin.js:2:28658
settle@https://w.a*****45202/bundles/plugin/wazuh/wazuh.plugin.js:8:19613
onloadend@https://w.a*****/45202/bundles/plugin/wazuh/wazuh.plugin.js:2:26457
```

