Index permissions for custom role


doc dodo

May 8, 2026, 7:35:23 AM (2 days ago) May 8
to Wazuh | Mailing List
Hello,
I have a role with read-only permissions, but I want to add the possibility to delete some indices.
I can't delete an object from "Dashboard manager". (screen1)

I receive this error:
{"type":"log","@timestamp":"2026-05-08T11:13:23Z","tags":["error","opensearch","data"],"pid":54,"message":"[security_exception]: no permissions for [indices:data/write/delete] and User [name=testuser, backend_roles=[readall], requestedTenant=null]"}

I tried adding the " data/write/delete] "  permission, but that didn't solve the problem. (screen2)
Screen1.jpg
Screen2.jpg

Olamilekan Abdullateef Ajani

May 8, 2026, 9:21:23 AM (2 days ago) May 8
to Wazuh | Mailing List
Hello,

I am looking into this and will revert shortly.

Regards,

Olamilekan Abdullateef Ajani

May 8, 2026, 9:50:03 AM (2 days ago) May 8
to Wazuh | Mailing List
Hello,

After evaluating the issue, I noticed you added the permission indices:data/write/delete to the user's read-only role so they are able to delete the object, but that permission is for index data documents, not Dashboard saved objects, which is what you tried to alter. Those are 2 different things.

Deleting from Dashboard Management Saved Objects is controlled by tenant permissions, the dashboard layer, as confirmed by the error in one of your screenshots: "Unable to delete saved objects: Forbidden".

To allow the user to delete from dashboards or saved objects, you need to modify the Tenant permissions section of that role.
Go to Security > Roles and edit your custom role, then scroll down to the tenant permission section and change it to read/write as indicated in the attached screenshot.

If you want them to be able to delete data but not delete dashboard objects, you can keep the tenant as read-only and use the Dev Tools to send a DELETE request to the index specifically.

That said, another option is to create a separate tenant and grant read/write on that tenant to properly isolate roles and operations.
More information in the documentation below:
https://documentation.wazuh.com/current/user-manual/wazuh-dashboard/multi-tenancy.html

tenant.png
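
Added example, not part of the thread and not Wazuh or OpenSearch code: a small checker that evaluates a role definition, in the JSON shape used by the OpenSearch security plugin, for the two separate permissions discussed above (index document deletes versus tenant write for saved objects). The sample roles, the index name and the reduced action-group table are constructed assumptions; only `*` wildcards are handled.

```python
from fnmatch import fnmatchcase

# Reduced, assumed subset of the built-in action groups; the real groups hold more actions.
ACTION_GROUPS = {
    "read": ["indices:data/read*"],
    "delete": ["indices:data/write/delete*"],
    "write": ["indices:data/write*"],
}
DELETE_ACTION = "indices:data/write/delete"   # action named in the error log
TENANT_WRITE = "kibana_all_write"             # tenant read/write; read-only is kibana_all_read


def _expand(actions):
    """Replace action-group names with their member action patterns."""
    return [p for a in actions for p in ACTION_GROUPS.get(a, [a])]


def can_delete_documents(role, index):
    """True if some index_permissions entry grants document deletes on `index`."""
    for perm in role.get("index_permissions", []):
        if any(fnmatchcase(index, p) for p in perm["index_patterns"]):
            if any(fnmatchcase(DELETE_ACTION, a) for a in _expand(perm["allowed_actions"])):
                return True
    return False


def can_write_saved_objects(role, tenant):
    """True if some tenant_permissions entry grants write access on `tenant`."""
    for perm in role.get("tenant_permissions", []):
        if any(fnmatchcase(tenant, p) for p in perm["tenant_patterns"]):
            if TENANT_WRITE in perm["allowed_actions"]:
                return True
    return False


# Constructed role: read-only plus the delete action, tenant still read-only.
ROLE_AS_POSTED = {
    "index_permissions": [{"index_patterns": ["wazuh-alerts-*"],
                           "allowed_actions": ["read", DELETE_ACTION]}],
    "tenant_permissions": [{"tenant_patterns": ["global_tenant"],
                            "allowed_actions": ["kibana_all_read"]}],
}
# Constructed role: same index permissions, tenant changed to read/write.
ROLE_TENANT_WRITE = dict(ROLE_AS_POSTED, tenant_permissions=[
    {"tenant_patterns": ["global_tenant"], "allowed_actions": [TENANT_WRITE]}])

if __name__ == "__main__":
    for name, role in (("as posted", ROLE_AS_POSTED), ("tenant write", ROLE_TENANT_WRITE)):
        print(name, can_delete_documents(role, "wazuh-alerts-4.x-2026.05.08"),
              can_write_saved_objects(role, "global_tenant"))
```

A role that passes the first check but fails the second matches the option of keeping the tenant read-only while still allowing DELETE requests to the index from Dev Tools.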