|Applies To||RSA NetWitness NextGen|
RSA NetWitness NextGen 9.5 and above
RSA NetWitness Decoder
RSA NetWitness Concentrator
RSA NetWitness Hybrid
RSA NetWitness Broker
RSA NetWitness Investigator
|Issue||When connecting to a broker or concentrator with RSA NetWitness Investigator, only the "Decoder Source" report is available.|
When connecting to a Broker or Concentrator with NetWitness Investigator, you only see the "Decoder Source" ("did" meta value) report and no others, as shown in the screenshot below.
This is caused when granular permissions are enabled and not configured for the user's group. NetWitness Appliances have the ability to restrict groups of users using high granularity that allows an administrator to restrict content and/or meta on a per key basis. If this is enabled and not configured, then no keys (meta) are enabled except for the default key "Decoder Source" so when you connect to a Broker or Concentrator with this setting enabled but not configured for your user account all you will see is the "Decoder Source" report and nothing else.
Connect to the Broker or Concentrator in NetWitness Administrator and switch to the "Explorer" view by right-clicking the appliance's Broker or Concentrator service and selecting "Explorer". Navigate to the sdk > config branch and look for the value system.roles. If this is set to anything but "0" then granular permissions are enabled.
If you prefer to have granular permissions enabled then make sure you assigned the proper "meta" and "content" permissions to each group as appropriate or members of that group will see nothing but the "Decoder Source" report by default when connecting to the Broker or Concentrator from NetWitness Administrator.
If you do not need granular permissions, then set system.roles back to "0". This setting change will take effect right away. See example below.
|Legacy Article ID||a58758|