Users with read only permission only on a group of agents
903 views
Skip to first unread message
Simone Bonetti
Apr 29, 2021, 9:44:58 AM4/29/21
to Wazuh mailing list
Hi wazuh team and C.
rbac, readonly role.... is a nightmare :-)
I want that user1 sees only information|dashboard|events (read only role) on agents grouped in group1.
I want to do this for other users: ie. user2 and user3 to access only to agents in group2 and so on.
I follow rbac documentation and the discussion "User with read only permission" - https://groups.google.com/d/msgid/wazuh/35b49d6e-49f8-4c85-a57d-f2c10c62be7cn%40googlegroups.com?utm_medium=email&utm_source=footer
Then I created a policy named "group1_readonly_policy" where:
name: group1_readonly_policy
actions: agent:read, group:read, ciscat:read, mitre:read, rootcheck:read, sca:read, syscheck:read, syscollector:read, task:status
resources: agent:group:group1
effects: allow
Then I created a role named "group1_readonly_role" where:
name: group1_readonly_role
policies: group1_readonly_policy
Then a role mapping named "mapping group1_readonly_rolemapping" where:
name: group1_readonly_rolemapping
roles: group1_readonly_role
map internal users: user1 <- I created user1 as suggested in "User with read only permission" discussion
When I log in as user1 all is ok except sca visualization where I find this error:
You have no permissions
This section requires the permissions:
- agent:read (agent:id:*)
- sca:read (agent:id:*)
but if I change those permissions user1 see all agents.
The problem is only on the dashbord|visualization. I can see the events.
Where am I doing wrong?
Is there a better way to do this?
Thanks in advance
Simone
rbac, readonly role.... is a nightmare :-)
I want that user1 sees only information|dashboard|events (read only role) on agents grouped in group1.
I want to do this for other users: ie. user2 and user3 to access only to agents in group2 and so on.
I follow rbac documentation and the discussion "User with read only permission" - https://groups.google.com/d/msgid/wazuh/35b49d6e-49f8-4c85-a57d-f2c10c62be7cn%40googlegroups.com?utm_medium=email&utm_source=footer
Then I created a policy named "group1_readonly_policy" where:
name: group1_readonly_policy
actions: agent:read, group:read, ciscat:read, mitre:read, rootcheck:read, sca:read, syscheck:read, syscollector:read, task:status
resources: agent:group:group1
effects: allow
Then I created a role named "group1_readonly_role" where:
name: group1_readonly_role
policies: group1_readonly_policy
Then a role mapping named "mapping group1_readonly_rolemapping" where:
name: group1_readonly_rolemapping
roles: group1_readonly_role
map internal users: user1 <- I created user1 as suggested in "User with read only permission" discussion
When I log in as user1 all is ok except sca visualization where I find this error:
You have no permissions
This section requires the permissions:
- agent:read (agent:id:*)
- sca:read (agent:id:*)
but if I change those permissions user1 see all agents.
The problem is only on the dashbord|visualization. I can see the events.
Where am I doing wrong?
Is there a better way to do this?
Thanks in advance
Simone
Adrián Jesús Peña Rodríguez
Apr 29, 2021, 11:17:11 AM4/29/21
to Wazuh mailing list
Hello Simone,
We have been testing what you comment and we have reached the same problem you describe. It seems that the SCA panel of an agent is not being displayed correctly even having the required permissions.
In our test we have created several agents and the group group1, we have added agent 004 and the result is that we have not been able to visualize its panel. However, using the dev-tools we have been able to see all the information. This indicates that there is an error in the visualization.
These are the tests performed:
- user1's permissions:
- Agent 004 main panel:
- Agent 004 SCA panel:
- user1 dev-tools, agent 004 allowed:
- user1 dev-tools, agent 005 denied:
I have created the following issue to solve this problem: https://github.com/wazuh/wazuh-kibana-app/issues/3201. We are going to fix it as soon as possible.
If you have any other questions, don't hesitate to ask.
Best regards,
Adrián Peña
Simone Bonetti
Apr 30, 2021, 9:57:29 AM4/30/21
to Wazuh mailing list
Hello Adrián,
thank you for your reply. That's the problem.
I read that this issue will be fixed in 4.2 release.
Thanks
Best Regards
Simone
Simone Bonetti
Aug 4, 2021, 11:15:39 AM8/4/21
to Wazuh mailing list
Hi Adrián,
are there any news about this issue?
When wazuh 4.2 will be reelase?
Thanks
Best Regards
Simone
Javier Castro
Aug 27, 2021, 3:35:43 PM8/27/21
to Wazuh mailing list
Hello,
we released Wazuh v4.2.0 a couple of days ago.
You may read the release notes here: https://documentation.wazuh.com/current/release-notes/release_4_2_0.html
And also our blog post: https://wazuh.com/blog/wazuh-4-2-0-released/
For the upgrade guide you can follow our documentation: https://documentation.wazuh.com/current/upgrade-guide/index.html
Regards,
Javier.
Reply all
Reply to author
Forward
0 new messages