3013 - Permission denied: Resource type: *:*

[Alejandro Perez Reinoso]

Hi Team, I am new using Wazuh and I am creating a user that can only have access to certain Agents adding a label on the config file, but the thing is that when I login with this user I am getting this error:

Error: 3013 - Permission denied: Resource type: *:*
    at createError (https://192.168.168.31/44006/bundles/plugin/wazuh/wazuh.plugin.js:2:28658)
    at settle (https://192.168.168.31/44006/bundles/plugin/wazuh/wazuh.plugin.js:8:19613)
    at XMLHttpRequest.onloadend (https://192.168.168.31/44006/bundles/plugin/wazuh/wazuh.plugin.js:2:26451)

I am able to load the right agents and seems that I have access to the agents information, but I am getting this error, I would like to know if someone can help me to find out what's happening. Thank you in advance.

[Eduardo Leon Aldazoro]

Hi Alejandro, Thanks for using Wazuh !

The error you're experiencing is related to the Role-Based Access Control (RBAC) configuration in Wazuh. The error message indicates that the use you have created does not have the necessary permissions to access certain resources.

You fix it, you need to review and adjust the RBAC config for the user you created:

- Go to Dashboard -> Security. Please review the policies associated with the user, and make sure they have the necessary permissions for the resources it needs to access.

- Next, Review the roles associated with the user. Ensure that the role includes the policy you created or modified.

- In the User Section, verify that the user is associated with the appropriate roles. 

You can find more information about RBAC in our documentation here.

Hope this answers your question!

Best Regards,

Eduardo

[Sudo]

I have the same problem. Since I didn't get any feedback on the Wazuh Discord and was referred here by the trainer from the Wazuh Engineer training, I'll try again to give some more information from my previous researches.

The error pattern described below occurred only after upgrading to version 4.4 

```

Error: 3013 - Permission denied: Resource type: *:*

    at createError (https://test.test.de/44006/bundles/plugin/wazuh/wazuh.plugin.js:2:28658)
    at settle (https://test.test.de/44006/bundles/plugin/wazuh/wazuh.plugin.js:8:19613)
    at XMLHttpRequest.onloadend (https://test.test.de/44006/bundles/plugin/wazuh/wazuh.plugin.js:2:26451)
```

The rule assigned to the users contains the following permissions

 
**Actions:**
```
agent:read
vulnerability:read
syscollector:read
ciscat:read
listen:read
mitre:read
rootcheck:read
rules:read
sca:read
read syscheck:read
group:read
group:update_config
```

**Ressources**
```
agent:group:CompanyName
```

If I add the resource `*:*:*` the user has no permission to see any agent at all, but the error message is no longer present.
It doesn't seem to matter what other resource I add. Also a rule:file:* seems to override the agent:group permissions so no agents are viewable anymore.

The index permissions have been set according to the RBAC documentation. The only exception here is another tentant to which read and write permissions have been assigned. 

If more info is needed, please let me know. Maybe someone can help.

[Eduardo Leon Aldazoro]

Hi Sudo,

I'm sorry for the late response, can you please open a new thread it can be in this google group or in our slack channel since this was already closed.

Also remember to Reply to all for us to get notifications on the response in case further assistance is needed.

Best Regards,

Eduardo