How to create a read-only user for Wazuh GUI access


mauro....@cmcc.it

Jun 30, 2021, 9:41:49 AM
to Wazuh mailing list

Dear All,

is there a way to create a read-only user for Wazuh GUI access?
At this moment, I can only log in to the Wazuh GUI using the admin user, but my colleagues need to take a look at the Wazuh (and Kibana) dashboards using a read-only user.

I already tried different solutions, but they didn't work.
My Wazuh version is the latest available one.

Thank you,
Mauro

Raul Del Pozo Moreno

Jun 30, 2021, 1:52:16 PM
to Wazuh mailing list
Hello Mauro!

To create a user to access in read-only mode, you have to perform these steps:

First - Create User
    - Access: Menu -> Security -> Internal Users
    - Press the blue button "Create internal user" and in the window that will be displayed you have to specify:
        - Username
        - Password

1.png

Second - Create the role
    - Access: Menu -> Security -> Roles
    - Create new role
        - Give name
        - Cluster permissions -> "read", "kibana_all_read", "indices_all"
        - Index -> "wazuh-*"
        - Index permissions -> "read"

2_1.png

The custom role should look like this. Also, note that the user added in the next step is specified.

2_2.png

Third - Map user
    - Access: Menu -> Security -> Roles -> (the role created in step 2)
        - Access the "Mapped Users" tab
        - Add the user created in step 1
    - Access: Menu -> Security -> Roles -> Kibana_user
        - Access the "Mapped Users" tab
        - Add the user created in step 1

3.png

Fourth - Modify rbac configuration
    - Modify the file /usr/share/kibana/data/wazuh/config/wazuh.yml
        - Change "run_as: false" to "run_as: true"
        - Restart kibana service -> systemctl restart kibana.service

4.png

Fifth - Create wazuh role
    - Access: Menu -> wazuh -> Security -> Roles
    - Create Role
        - Give name
        - Select all available "read" policies (13 in total)
    - You will see that this role has the same policies as "readonly" but it is necessary to create it for permission issues

6.png

Sixth - Create Wazuh Role Mapping
    - Access: Menu -> wazuh -> Security -> Role Mapping
        - Create a new Role Mapping
            - Assign name
            - Set role created in step five
            - Add the user created in step 1 to "Map internal users"

8.png

Now, if you log in with the new user, you should be able to access the GUI with limited creation/modification functions, as you can see in these screenshots:

err1.png
err2.png

And you can't see dashboards:

dashboard.png

Please tell me if you have any problem with the steps.
Greetings, Raul.
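
Step four of the reply above, scripted as an added example (not part of the original thread and not Wazuh's own tooling): it changes only uncommented `run_as: false` entries in wazuh.yml, keeps a `.bak` copy, and restarts Kibana only when the file actually changed. The helper names and the `--apply` switch are hypothetical; the file path and restart command are the ones given in the reply.

```shell
#!/bin/sh
# Added example: helper names and the --apply switch are hypothetical.
# Default path is the one given in the reply; override with WAZUH_YML.
WAZUH_YML="${WAZUH_YML:-/usr/share/kibana/data/wazuh/config/wazuh.yml}"
PATTERN='^[[:space:]]*run_as:[[:space:]]*false[[:space:]]*$'

# Print how many host entries still have run_as disabled.
# Commented-out lines such as "# run_as: false" are not counted.
count_run_as_disabled() {
    grep -Ec "$PATTERN" "$1" || true
}

# Set every active "run_as: false" to "run_as: true".
# Returns 0 if the file changed, 1 if nothing to do, 2 on error.
enable_run_as() {
    file="$1"
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    grep -Eq "$PATTERN" "$file" || return 1
    # Keep a backup, then write through the existing file so its
    # owner and mode are unchanged.
    cp -p "$file" "$file.bak" || return 2
    sed -E 's/^([[:space:]]*run_as:[[:space:]]*)false[[:space:]]*$/\1true/' \
        "$file.bak" > "$file" || return 2
    return 0
}

if [ "${1:-}" = "--apply" ]; then
    rc=0
    enable_run_as "$WAZUH_YML" || rc=$?
    case "$rc" in
        0) systemctl restart kibana.service ;;
        1) echo "run_as already enabled, no restart needed" ;;
        *) exit 2 ;;
    esac
fi
```

Run it as root with `--apply`; without that argument the script only defines the functions.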

Raul Del Pozo Moreno

Jun 30, 2021, 1:54:23 PM
to Wazuh mailing list
Sorry, I just found a typo right after submitting -> "And you can't see dashboards:" is "And you can see dashboards:"

mauro....@cmcc.it

Jul 1, 2021, 4:42:30 AM
to Wazuh mailing list
Hi Raul,

thank you very much for your help.
It works like a charm! And I'm very very happy!

You solved my issue with a single comment :)
I'm going to save your reply in my vault.

Kind Regards,
Mauro

Raul Del Pozo Moreno

Jul 1, 2021, 8:57:36 AM
to Wazuh mailing list
Hi Mauro,

I'm glad to hear that it has been helpful to you! 
If you have any other questions or problems, either with this thread or with anything else, don't hesitate to ask!

Regards, Raul.