User with read only permission

Rabail Naseer

Apr 26, 2021, 5:32:30 AM
to Wazuh mailing list
Hi wazuh team,
I am using the Wazuh OVA file and I have disabled the default admin user and created a new user through the dashboard with the same privileges as admin.
Now I want to create another user with read-only privileges. How can I do this?

Victor Moreno Jimenez

Apr 26, 2021, 6:47:19 AM
to Rabail Naseer, Wazuh mailing list

Hi @,
To create a read only user you’ll need to follow these steps:

  • First, create a custom admin role mapping in the Wazuh app. This has to be done because we need to enable run_as in Kibana and otherwise, you won’t have permissions. Create the role and map it to your admin user, in the example the wazuh user:

image.png

  • Next, enable run_as in the Kibana config. Access your Kibana node and open the configuration file /usr/share/kibana/data/wazuh/config/wazuh.yml:
hosts: 
  - default: 
      url: https://<kibana-ip>
      port: 55000 
      username: <user>
      password: <password>
      run_as: true

Restart Kibana: systemctl restart kibana.

  • Now, we are going to create the read-only user at the Opendistro level. Go to Home->Management->Security->Internal users and create the user.
    image.png

  • You will have to map it to the kibana_user role, for example:
    image.png

  • Now, you’ll have to create a new role at Opendistro level with read only permissions.
    image.png

  • After that, map your read only user to the created role rouser-role as you did with the kibana_user role. You have to map the rouser to the role rouser-role.

  • Finally, go to the Wazuh app, Wazuh->Security, and create a new role mapping, mapping the readonly role to the rouser user.

image.png

  • To test if everything is working fine, log out and log in again with your rouser user. Go to Wazuh->Dev tools and try to execute a GET and a POST API call.
    image.png

Hope it helps!


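A check for the run_as step in the reply above, as an added example that is not part of the original thread and not Wazuh's own code: it parses only the hosts block of wazuh.yml (it is not a general YAML parser) and reports host entries where run_as is not enabled, in which case the app's API calls use the configured API user's permissions instead of the logged-in user's role mapping. The sample contents and the host names staging and legacy are constructed.

```python
import re

# Constructed sample in the shape of the hosts block of wazuh.yml.
SAMPLE = """\
hosts:
  - default:
      url: https://localhost
      port: 55000
      run_as: true
  - staging:
      url: https://localhost
      run_as: false  # explicitly off
  - legacy:
      url: https://localhost
"""

def parse_hosts(text):
    """Return {host_id: {key: value}} for the top-level 'hosts:' block only."""
    hosts, current, in_hosts = {}, None, False
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()        # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue                                  # blank or comment-only line
        if not line.startswith(" "):                  # any other top-level key
            in_hosts, current = (line == "hosts:"), None
            continue
        if not in_hosts:
            continue
        entry = re.match(r"\s*-\s*([^:\s]+):\s*$", line)
        if entry:                                     # "- <host id>:" opens an entry
            current = hosts.setdefault(entry.group(1), {})
            continue
        kv = re.match(r"\s+([A-Za-z_]+):\s*(.*)$", line)
        if kv and current is not None:
            current[kv.group(1)] = kv.group(2).strip().strip("'\"")
    return hosts

def audit_run_as(text):
    """Return {host_id: finding} for entries where run_as is not enabled."""
    findings = {}
    for host_id, cfg in parse_hosts(text).items():
        value = cfg.get("run_as")
        if value is None:
            findings[host_id] = "run_as not set"
        elif value.lower() != "true":
            findings[host_id] = f"run_as is {value!r}"
    return findings

print(audit_run_as(SAMPLE))
```

To audit a live node, pass the contents of /usr/share/kibana/data/wazuh/config/wazuh.yml to audit_run_as; an empty result means every host entry has run_as enabled.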

Rabail Naseer

Apr 27, 2021, 3:33:45 AM
to Wazuh mailing list
Hi Victor,

I have created the new user successfully with read-only rights, but when I log in to my admin user (which is Alama) the dashboard shows no data, like the screenshot below.



Screenshot_2.png

Victor Moreno Jimenez

Apr 27, 2021, 4:29:55 AM
to Rabail Naseer, Wazuh mailing list

Hi Rabail Naseer,
Please make sure that your custom admin Alama is mapped to the created opendistro_wazuh_admin role. The role opendistro_wazuh_admin is created in the first step of my last message.
If it is not mapped, first log out of the Alama user and log back in with the default admin user (you need admin rights to access the Security menu). Please go to Wazuh -> Security -> Roles mapping and map your user as shown in the picture below:

image.png

Once you do that, log out and log back in with your user Alama, you should be able to see all data.

Hope it helps!

Víctor.


Rabail Naseer

Apr 27, 2021, 6:12:49 AM
to Wazuh mailing list
Thank you Victor, it helps.