Let me answer you with a guide of the exact steps you should follow in order to achieve this goal, so it can be useful both for you, who already have most of it done, and for the rest of the community that may want to do it from scratch.
These would be the steps:
STEP 1: CREATE A GROUP FOR YOUR AGENTS
This is a very important step I think you are missing. The idea is to add to this group every Agent you want your user to be able to see.
Create the group by accessing Wazuh > Management > Groups > Add new group
It is important to save the name of the group as we will need it. In this example I'm creating a new group called "community".
STEP 2: CREATE AN INTERNAL USER
Note: If you have already created the user you can skip this step.
Go to Security > Internal users and create a new user.
STEP 3: CREATE A KIBANA ROLE
Go to Security > Roles and create a new one with the following permissions:
Then add the following Document level security, replacing the agent.labels value with the name of the group created at step 2 as the label name in the "match_phrase":
STEP 4: CREATE A RBAC POLICY
Go to Wazuh > Security > Policies and create a new one.
You should include the desired allowed actions for that particular user. You will need to specify the agent group name as the Resource Identifier. Take a look at the following example:
STEP 5: CREATE A RBAC ROLE
Go to Wazuh > Security > Roles and create a new role assigning to it the new Policy we created
STEP 6: CONFIGURE WAZUH RBAC IN KIBANA
For the next step you will need to use the wazuh-wui user with run_as enabled. To enable this, access your Kibana host and set the run_as parameter to true in the /usr/share/kibana/data/wazuh/config/wazuh.yml configuration file. Save it and restart the Kibana service. Here is an example of how the configuration file should look after applying this change:
Also make sure you are using RBAC white mode. You can find more information about the white mode and how check if it is enabled here
STEP 7: ADD THE ROLE MAPPING
Finally go to Wazuh > Security > Roles mapping and save a new role mapping using the internal user we created in Step 2 and the role name of the Step 5.
HOW TO TEST THIS
Now it should work as expected. Keep in mind that you probably need to clear your browser cache. Try using incognito mode to see that everything works as you expect.
Here is an example of the results after configuring this to make the agent 002 the only one available for my example user:
As you can see, even I have more agents registered only the 002 is visible for my current user. The same applies to the Wazuh agents alerts.
I hope this helps. Let me know if you have further questions regarding this topic.