Defining Users and Roles
You can create and manage users and roles through the Wazuh Dashboard UI.
Default users and roles cannot be modified. Instead, duplicate them and modify the duplicates.
Creating a New User, Role, and Role Mapping via the Wazuh Dashboard
Prerequisites
- You must be logged in as a user with administrative privileges (e.g.,
admin
).
Follow these steps:
1. Create a Role
- In the Wazuh Dashboard, go to Index Management -> Security -> Roles.
- Click Create role.
- Enter a Role name (e.g.,
custom-read-write
). - Under Cluster permissions, select permissions if needed.
- Under Index permissions:
- Index: e.g.,
wazuh-*
- Index permissions: choose appropriate actions such as:
read
(to allow read access)index
(to allow write access)
- Optionally, configure Document-level security (DLS) or Field-level security (FLS).
- Index: e.g.,
- Click Create to save the role.
2. Create a User
- In the Wazuh Dashboard, go to Index Management -> Security -> Internal users.
- Click Create internal user.
- Fill in the following:
- Username (e.g.,
new-user
) - Password (enter and confirm)
- Description (optional)
- Username (e.g.,
- Click Create to create the user.
3. Verify Role Mapping
When you assign a role to a user during creation, the mapping is created automatically. To review or edit:
- In Security, go to Roles.
- Find and click your role (
custom-read-write
). - Go to Mapped users
- Click Map users.
- Fill in the following:
- Users (e.g.,
new-user
). - Backend roles (optional).
- Users (e.g.,
- Click Map to save the mapping.
4. Test Access
After creating the user and role:
- Log out from the Dashboard.
- Log in with the new user's credentials.
- Navigate to Index Management -> Dev Tools.
- Run a query to test access, such as:
GET /wazuh-*/_search