|Applies To||RSA Product Set: Security Analytics|
RSA Product/Service Type: Core Appliance, Security Analytics UI
RSA Version/Condition: 10.4.x
O/S Version: EL5, EL6
|Issue||When adding a new Users and Roles in the Security Analytics UI, the user/role is not automatically replicated in each appliance. Therefore, when trying to Investigate on a Concentrator with a user that only exists on the SA Server, an error will be reported.|
See the example error below that was reported when a test user and group were added only to the Security Analytics UI and then that user attempted to perform an investigation against a core appliance.
2015-01-13 17:16:06,353 [XXXX] WARN com.rsa.netwitness.carlos.clients.nextgen.nw.NwClientPipeBase - 127.0.0.1:56003 received error: User test trusted login does not contain any matching groups group_test and cannot be authenticated
|Cause||This issue is by design and is not a defect. Security Analytics 10.4 uses a trusted connections model for most UI -> Core connectivity.|
This means that the UI is authoritative for users and you don't need to create them on core services, except for aggregation and Reporting Engine data source accounts.
However, the role must still be defined in both the UI and Core, and this does not happen automatically.
One only has to define a custom role once on a service and you should mostly be able to forget about it.
There are plans in a future release to move to a fully-centralized model with no dependencies on service security.
|Resolution||To resolve the issue, manually create the user on each appliance against which the user will be investigating.|
Reference the two pages below from the Security Analytics 10.4 User Guide for assistance in doing this.
You can refer to the below guides for Role and Users Management: