Create new user with existing role


Peutre o/

Aug 18, 2021, 6:02:48 AM
to Wazuh mailing list
Hello everyone, 

I try to create a new user to log in to Wazuh with an existing role like "administrator" or "agents_readonly".

I define the password, the user is well created but I still cannot log in with it.


I try to restart the Kibana service or wazuh-manager but I still fail to log in with the new user.
Can anyone help?

Many thanks

Alfonso Ruiz-Bravo

Aug 18, 2021, 7:18:04 AM
to Wazuh mailing list

Hello Peutre,

Seeing what you show it looks like you are trying to create a user in the Wazuh API (this is fine for users who are going to use the Wazuh API directly without going through the WUI). In order to access the Kibana web interface you need an Open Distro/Elasticsearch user.

To create the user you propose you should perform the following steps:

1. Create a user in Open Distro with the desired roles:


Open Distro sample:

- Create testing user


- Map all_access role



At this point you will have created a user in Open Distro but he will not be able to perform any operation in the WUI, because the user will not have Wazuh API permissions, unless he has the setting run_as disabled in the wazuh.yml file normally located in the path /usr/share/kibana/data/wazuh/config/wazuh.yml on the Kibana host.

Let me remind you that if you have run_as disabled in that file, any user will be considered an administrator in the WUI. If you want to use RBAC for the Wazuh API and the WUI you will need to enable this setting.

2. Giving Wazuh API permissions to an Open Distro user. 

For this, you will only have to map the Open Distro user with the Wazuh API permissions.

WUI sample:

- Mapping


At this point we will be able to log in with our user:


I hope this information has been helpful. Do not hesitate to ask us any questions you may have.

Best regards,

Alfonso Ruiz-Bravo
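
The run_as caveat from the reply above, as an added check that is not part of the original thread or of Wazuh's own tooling: it lists the API host entries in wazuh.yml for which run_as is not enabled, which per the reply are the ones where any WUI user is treated as an administrator. The sample file content is constructed, the function names are hypothetical, and treating a missing run_as key as disabled is an assumption.

```python
import re

# Constructed sample of the "hosts" section of wazuh.yml (not taken from the thread).
SAMPLE_WAZUH_YML = """\
hosts:
  - default:
      url: https://localhost
      port: 55000
      username: wazuh-wui
      run_as: false   # disabled
  - staging:
      url: https://192.0.2.10
      port: 55000
      run_as: true
  - legacy:          # no run_as key at all
      url: https://192.0.2.20
      port: 55000
checks.pattern: true
"""

HOST_RE = re.compile(r"^\s+-\s+([\w.-]+):\s*$")     # "  - <host id>:"
RUN_AS_RE = re.compile(r"^\s+run_as:\s*(\S+)\s*$")  # "      run_as: <value>"


def run_as_by_host(text):
    """Return {host_id: bool} for entries under 'hosts:'.

    Assumption: a host entry without a run_as key is treated as disabled.
    """
    result, in_hosts, current = {}, False, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments (no sample value contains '#')
        if not line:
            continue
        if not line[0].isspace():             # top-level key: enter or leave the hosts section
            in_hosts, current = line == "hosts:", None
            continue
        host, flag = HOST_RE.match(line), RUN_AS_RE.match(line)
        if in_hosts and host:
            current = host.group(1)
            result[current] = False
        elif in_hosts and flag and current:
            result[current] = flag.group(1).strip("'\"").lower() == "true"
    return result


def hosts_without_rbac(text):
    """Host IDs for which the WUI does not apply per-user Wazuh API role mappings."""
    return sorted(h for h, enabled in run_as_by_host(text).items() if not enabled)
```

To audit a real deployment, pass the contents of /usr/share/kibana/data/wazuh/config/wazuh.yml from the Kibana host to hosts_without_rbac().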