Hello, hope you are doing well!
Please find the reference for creating a read-only user below:
Reference: Authentication and authorization - Your environment
============================================================================================================
Role-based access control (RBAC) adds the capability to control access to different endpoints and resources through the Wazuh API based on the privileges assigned to users.
Both Policies and Users are assigned to Roles, so users will be able to see and do only certain actions on specified resources that have previously been established.
============================================================================================================
Link: Authentication and authorization - Your environment
Creating and setting a Wazuh read-only user
Follow these steps to create an internal user, create a new role mapping, and give read-only permissions to the user.
1. Log into your WUI as administrator.
2. Click the upper-left menu icon to open the options, select Security, and then Internal users to open the internal users' page.
3. Click Create internal user, complete the empty fields with the requested information, and click Create to complete the action.
4. To map the user to the appropriate role, follow these steps:
   a. Click the upper-left menu icon to open the options, select Security, and then Roles to open the roles page.
   b. Click Create role, complete the empty fields with the following parameters, and then click Create to complete the task.
      - Name: Assign a name to the role.
      - Cluster permissions: cluster_composite_ops_ro
      - Index: *
      - Index permissions: read
      - Tenant permissions: global_tenant and select the Read only option.
   c. Select the Mapped users tab and click Manage mapping.
   d. Add the user you created in the previous steps and click Map to confirm the action.
5. To map the user with Wazuh, follow these steps:
   a. Go to the Wazuh WUI, click Wazuh to open the menu, select Security, and then Roles mapping to open the page.
   b. Click Create Role mapping and complete the empty fields with the following parameters:
      - Role mapping name: Assign a name to the role mapping.
      - Roles: Select readonly.
      - Internal users: Select the internal user created previously.
   c. Click Save role mapping to save and map the user with Wazuh as read-only.
To add more read-only users, you can skip the role creation task and map the users to the already existing read-only role.
=======================
(Please do remember to clean the browser’s cache or to use a completely different browser at the time of testing)
When you log in with your new read-only user, you should, for example, see the “Add new group” grayed out.
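
A check you can run once the role exists, given here as an added example that is not part of the original reply or Wazuh's own code: it audits a role definition against the read-only parameters listed in the steps and looks for other role mappings that would widen the user's access. The JSON layout (modelled on the indexer security plugin's role and role-mapping objects), the kibana_all_read name for the "Read only" tenant option, and the role and user names are assumptions.

```python
# Added example (not Wazuh project code). Sample data below is constructed.
ALLOWED = {
    "cluster_permissions": {"cluster_composite_ops_ro"},
    "index_permissions": {"read"},
    # Assumption: the UI's "Read only" tenant option is stored as kibana_all_read.
    "tenant_permissions": {"kibana_all_read"},
}

def audit_role(role):
    """Return findings for every permission beyond the read-only parameters."""
    findings = [f"cluster: {p}" for p in role.get("cluster_permissions", [])
                if p not in ALLOWED["cluster_permissions"]]
    for section in ("index_permissions", "tenant_permissions"):
        for entry in role.get(section, []):
            for action in entry.get("allowed_actions", []):
                if action not in ALLOWED[section]:
                    findings.append(f"{section}: {action}")
    return findings

def extra_roles(mappings, user, expected_role):
    """Roles other than expected_role that map this user. Effective permissions
    are the union of all mapped roles, so any hit can undo the restriction."""
    return sorted(name for name, m in mappings.items()
                  if user in m.get("users", []) and name != expected_role)

# Constructed role matching the parameters in the steps (role name is hypothetical).
WAZUH_RO = {
    "cluster_permissions": ["cluster_composite_ops_ro"],
    "index_permissions": [{"index_patterns": ["*"], "allowed_actions": ["read"]}],
    "tenant_permissions": [{"tenant_patterns": ["global_tenant"],
                            "allowed_actions": ["kibana_all_read"]}],
}
# Constructed drifted copy: someone later added write access.
DRIFTED = {
    "cluster_permissions": ["cluster_composite_ops_ro", "cluster_all"],
    "index_permissions": [{"index_patterns": ["*"], "allowed_actions": ["read", "write"]}],
    "tenant_permissions": [{"tenant_patterns": ["global_tenant"],
                            "allowed_actions": ["kibana_all_write"]}],
}
# Constructed role mappings; user "auditor1" is hypothetical.
MAPPINGS = {
    "wazuh_ro": {"users": ["auditor1"]},
    "all_access": {"users": ["admin", "auditor1"]},
}

if __name__ == "__main__":
    print(audit_role(WAZUH_RO))
    print(audit_role(DRIFTED))
    print(extra_roles(MAPPINGS, "auditor1", "wazuh_ro"))
```

The mapping check only looks at direct user mappings; a user who also receives roles through backend roles needs those reviewed separately.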