Disable options in wazuh manager


Prajapati Hitesh

Jan 27, 2023, 6:45:22 AM
to Wazuh mailing list
Hi,

Can you guide me on how to disable the management directory, Dev Tools, Security and setting options for a read-only user in Wazuh management 4.0?

Lucas Pascual

Jan 27, 2023, 9:21:24 AM
to Wazuh mailing list

Hello, hope you are doing well!
Please find the reference for creating a read only user below:

Reference: Authentication and authorization - Your environment

============================================================================================================

Role-based access control (RBAC) adds the capability to control access to different endpoints and resources through the Wazuh API based on privileges to users.
Both Policies and Users are assigned to Roles, so users will be able to see and do only certain actions on specified resources that have previously been established.

============================================================================================================
When you log in with your new read only user, you should, for example, see the “Add new group” grayed out.

Hope this helps.
Regards.

Prajapati Hitesh

Jan 29, 2023, 7:17:36 AM
to Wazuh mailing list

Hi Lucas,

I am using Wazuh version 4.0. I have already followed the reference document, but the read-only user is able to create and delete groups. In Kibana, only the Security option is hidden using the read-only role.

Prajapati Hitesh

Jan 29, 2023, 7:19:55 AM
to Wazuh mailing list
I want to grey out other options for the read-only user, like group add, agent add, security, etc. But I am not able to do this. Please help to

Lucas Pascual

Jan 30, 2023, 3:59:10 PM
to Wazuh mailing list
Hello,
Please note, regarding your comment "...readonly user is able to create and delete group": please test by clearing the browser's cache before switching users, or by using a different browser for the admin and the read only user.
Regarding making Dev Tools not available, I'm afraid that is not supported at this moment.

When possible, please test the admin and read only user access and permissions as suggested above and revert if any issues.
Regards.

Prajapati Hitesh

Jan 31, 2023, 7:17:41 AM
to Wazuh mailing list
Hi Lucas,

I have two Wazuh servers; one is named Wazuh01 and the second is Wazuh02. I have created the attached policy on both Wazuh servers, but it's working only on the Wazuh01 server. On the Wazuh02 server, only the Kibana Security option is hidden. The user is able to do administration on the Wazuh02 server. How is that possible?
RO Policy.pdf

Prajapati Hitesh

Jan 31, 2023, 7:33:03 AM
to Wazuh mailing list
I have also created a policy on the Wazuh02 server using the attached documents, but did not succeed. I have tried multiple policies, but the read-only user policy is not working.
RO Policy01.pdf

Lucas Pascual

Jan 31, 2023, 5:18:03 PM
to Wazuh mailing list
Hello,
Thank you for adding the file attached.
I've reviewed the procedure you shared; please try following the steps below for a different/new read only user.

=======================

Link: Authentication and authorization - Your environment

Creating and setting a Wazuh read-only user

Follow these steps to create an internal user, create a new role mapping, and give read-only permissions to the user.

  1. Log into your WUI as administrator.

  2. Click the upper-left menu icon to open the options, select Security, and then Internal users to open the internal users' page.

  3. Click Create internal user, complete the empty fields with the requested information, and click Create to complete the action.

  4. To map the user to the appropriate role, follow these steps:

    1. Click the upper-left menu icon to open the options, select Security, and then Roles to open the roles page.

    2. Click Create role, complete the empty fields with the following parameters, and then click Create to complete the task.

      • Name: Assign a name to the role.

      • Cluster permissions: cluster_composite_ops_ro

      • Index: *

      • Index permissions: read

      • Tenant permissions: global_tenant and select the Read only option.

    3. Select the Mapped users tab and click Manage mapping.

    4. Add the user you created in the previous steps and click Map to confirm the action.

  5. To map the user with Wazuh, follow these steps:

    1. Go to the Wazuh WUI, click Wazuh to open the menu, select Security, and then Roles mapping to open the page.

    2. Click Create Role mapping and complete the empty fields with the following parameters:

      • Role mapping name: Assign a name to the role mapping.

      • Roles: Select readonly.

      • Internal users: Select the internal user created previously.

    3. Click Save role mapping to save and map the user with Wazuh as read-only.

To add more read-only users, you can skip the role creation task and map the users to the already existing read-only role.
=======================

(Please do remember to clean the browser’s cache or to use a completely different browser at the time of testing)

When you log in with your new read only user, you should, for example, see the “Add new group” grayed out.
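
The steps above end with a visual check (a greyed-out button). As an added example that is not part of the original thread or of Wazuh's own code, the following checks the same thing at the RBAC layer: given a user's processed policies, it lists which administrative actions are still permitted. The input shape (action -> resource -> allow/deny, plus `rbac_mode`), the sample data and the watchlist are assumptions constructed for illustration.

```python
"""Audit a user's processed RBAC policies for actions a read-only role must not hold."""

# Watchlist built from the operations discussed in this thread (assumption:
# adjust the action names to the ones your Wazuh version defines).
WATCHLIST = ("group:create", "group:delete", "agent:create", "group:update_config")

# Constructed samples, not output captured from a real server.
READONLY_OK = {
    "agent:read": {"agent:id:*": "allow"},
    "group:read": {"group:id:*": "allow"},
    "rbac_mode": "white",
}
MISCONFIGURED = {
    **READONLY_OK,
    "group:create": {"*:*:*": "allow"},
    "group:delete": {"group:id:*": "allow"},
}
BLACK_MODE = {
    "agent:read": {"agent:id:*": "allow"},
    "group:delete": {"group:id:*": "deny"},
    "rbac_mode": "black",
}


def effective(processed, action):
    """Return 'allow' or 'deny' for one action, honouring rbac_mode."""
    effects = set(processed.get(action, {}).values())
    if "allow" in effects:
        return "allow"  # permitted on at least one resource
    if effects:
        return "deny"   # listed, and denied on every resource
    # Action not listed: white mode denies by default, black mode allows.
    return "allow" if processed.get("rbac_mode", "white") == "black" else "deny"


def audit(processed, watchlist=WATCHLIST):
    """List the watchlist actions this account can still perform."""
    return [a for a in watchlist if effective(processed, a) == "allow"]


if __name__ == "__main__":
    for name, sample in [("readonly_ok", READONLY_OK),
                         ("misconfigured", MISCONFIGURED),
                         ("black_mode", BLACK_MODE)]:
        findings = audit(sample)
        print(f"{name}: {'OK' if not findings else 'write access: ' + ', '.join(findings)}")
```

An empty result means none of the watched actions is granted; the black-mode sample shows why a role that only denies one action is not read-only.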


Prajapati Hitesh

Feb 1, 2023, 5:08:12 AM
to Wazuh mailing list
Hi Lucas,

Still it's not working as per the policy. 

Lucas Pascual

Feb 1, 2023, 7:13:33 AM
to Wazuh mailing list
Hello,
Thank you for following the steps described above.
Could you please list which permissions you find should not be available for the read only user? Is the Security section still present?

Regards.

Prajapati Hitesh

Feb 1, 2023, 1:35:37 PM
to Wazuh mailing list
Hi Lucas,

I am able to do administration in all options, like: add groups, Edit Configuration, as in the attached PDF. If the read-only policy is applied, then this option goes unhighlighted. Please help me to resolve this issue.

In Kibana, only the Security option is not displayed, as per the policy applied.

Kibana UIF.jpg
Read Only Access Not Working.pdf

Lucas Pascual

Feb 1, 2023, 3:18:54 PM
to Wazuh mailing list
Thank you for sharing your results.
It is definitely not the outcome expected for a correct read only user configuration; below is what's expected, as you mentioned.
01.png
02.png
03.png
04.png

Is there a chance for you to log in with a read only user from another PC?

Prajapati Hitesh

Feb 4, 2023, 7:48:14 AM
to Wazuh mailing list
Hi Lucas,

I have created 5 users and mapped them to the read-only role that I created previously. All those users are able to do administration in Wazuh manager.
