roles mappings don't work

[Дмитрий Петров]

Hi
Using kibana plugin 4.1.5 with Kibana 7.10.2 in docker 
I want deny access to wazuh for regular kibana users and leave access just for "admin" group

Have message 
"For the role mapping to take effect, enable run_as in /usr/share/kibana/data/wazuh/config/wazuh.yml configuration file, restart the Kibana service and clear your browser cache and cookies."

But all it done, container restarted
> docker exec kibana cat /usr/share/kibana/data/wazuh/config/wazuh.yml | grep -vE "^#"

> ---

> xpack.rbac.enabled: true

> run_as: true

> 

> hosts:

> ...............
And browser cleaned (even more - changed host and browser) 

Why I have this message? 

Also, examples shows how to decrease privileges, but no example how to deny access to wazuh at all for some user/group.

Best regards,
Dmitry

[Manuel Camona Perez]

Hi Dmitry,

You enabled the run_as parameter in the wrong place in your wazuh.yml configuration file.

If you have a look to the Kibana step by step installation, you will see that the run_as parameter must be configured in the hosts section:

hosts:

  - default:

     url: https://localhost

     port: 55000

     username: wazuh-wui

     password: wazuh-wui

     run_as: false

     

     

In your case, this parameter may not appear as it is disabled by default, just add it in your API host with the value true.

Here you have more information about the hosts section of the wazuh.yml configuration file.

Try this change and let me know if this works for you.

[Дмитрий Петров]

Thank you, Manuel
Yes, it was my fail - set run_as: true in proper place have effect - now user "elastic" loose admin priveleges in wazuh. It's funny 
I'll found out  what else i missing

пятница, 23 июля 2021 г. в 15:42:07 UTC+3, manuel....@wazuh.com: