wazuh/wazuh-indexer-plugins
1
0
Fork 0
mirror of https://github.com/wazuh/wazuh-indexer-plugins.git synced 2025-12-11 10:40:46 -06:00
Code Issues Packages Projects Releases Wiki Activity
wazuh-indexer-plugins/docs/ref/security/access-control.md
Kevin Ledesma 65922e6ace
Add documentation for default users and roles (RBAC) (#535) 
* Add documentation for User and Roles

* Add Security Plugin and Configuration Files sections

Move the documentation to the corresponding files

* Update CHANGELOG

* Apply suggestions from code review

Signed-off-by: Álex Ruiz Becerra <alex-r-b@hotmail.com>

* Improve security plugin and access control documentation

* Update docs/ref/security/access-control.md

Signed-off-by: Kevin Ledesma <kevin.ledesma@wazuh.com>

* Fix typo on docs/ref/security/access-control.md

Signed-off-by: Kevin Ledesma <kevin.ledesma@wazuh.com>

* Review the development documentation for RBAC

* Review reference documentation

---------

Signed-off-by: Álex Ruiz Becerra <alex-r-b@hotmail.com>
Signed-off-by: Kevin Ledesma <kevin.ledesma@wazuh.com>
Co-authored-by: Álex Ruiz Becerra <alejandro.ruiz.becerra@wazuh.com>
2025-07-04 13:50:52 +02:00

3.4 KiB
Raw Blame History

Access Control

Wazuh Indexer uses the OpenSearch Security plugin to manage access control and security features. This allows you to define users, roles, and permissions for accessing indices and performing actions within the Wazuh Indexer.

You can find a more detailed overview of the OpenSearch Security plugin in the OpenSearch documentation.

Wazuh default Internal Users

Wazuh defines internal users and roles for the different Wazuh components to handle index management.

These default users and roles definitions are stored in the internal_users.yml, roles.yml, and roles_mapping.yml files on the /etc/wazuh-indexer/opensearch-security/ directory.

Find more info about the configurations files in the Configuration Files section.

Users

User Description Roles
wazuh-server User for the Wazuh Server with read/write access to stateful indices and write-only access to stateless indices. stateless-write, stateful-delete, stateful-write, stateful-read
wazuh-dashboard User for Wazuh Dashboard with read access to stateful and stateless indices, and management level permissionsfor the monitoring indices. sample-data-management, metrics-write, metrics-read, stateless-read, stateful-read

Roles

Role Name Access Description Index Patterns Permissions
stateful-read Grants read-only permissions to stateful indices. wazuh-states-* read
stateful-write Grants write-only permissions to stateful indices. wazuh-states-* index
stateful-delete Grants delete permissions to stateful indices. wazuh-states-* delete
stateless-read Grants read-only permissions to stateless indices. wazuh-alerts*, wazuh-archives* read
stateless-write Grants write-only permissions to stateless indices. wazuh-alerts*, wazuh-archives* index
metrics-read Grants read permissions to metrics indices. wazuh-monitoring*, wazuh-statistics* read
metrics-write Grants write permissions to metrics indices. wazuh-monitoring*, wazuh-statistics* index
sample-data-management Grants full permissions to sample data indices. *-sample-* data_access, manage