Give a user permissions to read and manage a group of agents

[Satiswaran Selva Sakeram]

I wanted to create an account for my team to view alerts from an agent assigned to that particular team, i followed this guide to create the account 

https://documentation.wazuh.com/current/user-manual/user-administration/rbac.html#use-case-give-a-user-permissions-to-read-and-manage-a-group-of-agents

but after creating the user account, i dont see any alerts related to this account, but i can i still see it from the admin account

Thanks, 

Satis

[Aditya Sharma]

Hi Team,

It sounds like there might be an issue with the RBAC (Role-Based Access Control) configuration or how the user permissions are set up for the new account. Here are a few steps you can take to troubleshoot and resolve this issue:

1. Verify the User Role and Permissions:
   - Ensure that the user role assigned to the new account has the appropriate permissions to view alerts. This includes:
     - Read permissions for the specific agents or groups.
     - Access to the alerts module in the Wazuh web interface.

2. Check Agent Group Assignment:
   - Make sure the agents are correctly assigned to the group that the new user has permission to access. You can verify this in the Wazuh web interface by checking the agent's group assignment.

3. Review the RBAC Rules:
   - Double-check the RBAC rules you created to ensure that they are correctly configured to allow access to the alerts for the specific agents.
   - Ensure that the rule is not too restrictive and that it covers the necessary alert types.

4. Inspect the Role Mapping:
   - Confirm that the user account is correctly mapped to the role you configured. If there’s a mismatch, the user might not have the permissions you intended.

5. Test with a Different Agent:
   - Try assigning a different agent or group to the user to see if the alerts become visible. This can help determine if the issue is with the specific agent or group configuration.

6. Check for Any Error Messages:
   - Look at the Wazuh logs for any error messages related to RBAC or user permissions when the user attempts to access the alerts.

7. Review Documentation and Examples:
   - Revisit the [RBAC documentation](https://documentation.wazuh.com/current/user-manual/user-administration/rbac.html) and compare your configuration with the examples provided. There might be a small detail that was missed.

I hope this helps you.

[Satiswaran Selva Sakeram]

Hi Aditya,

For the first point, how do i give permission to access to the alerts module in wazuh web interface

Thanks.

[Aditya Sharma]

Hi Team,

Can you please let me know what exact steps you are following to give the permissions?

Reference: https://documentation.wazuh.com/current/user-manual/user-administration/rbac.html#use-case-give-a-user-permissions-to-read-and-manage-a-group-of-agents

[Aditya Sharma]

Hi Team,

The error is related to misconfigured permissions. If possible, please attach some screenshots of all the configs you’ve created to create these users so I can review them (both on the OpenSearch and Wazuh sides).

I’ll attach here a detailed step-by-step guide on how to create internal users:

Regards

[Satiswaran Selva Sakeram]

Hi Aditya, 

Issue has been resolved, under indexer management > security > roles > index permissions > wazuh-alerts-*> document-level security, i changed the agent group to agent id and the issue has been fixed

--
You received this message because you are subscribed to a topic in the Google Groups "Wazuh | Mailing List" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/wazuh/rErtsnwar84/unsubscribe.
To unsubscribe from this group and all its topics, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/41d3848b-d90f-487e-9629-2b1ee109bba5n%40googlegroups.com.