000032868 - RSA Security Analytics - Exporting logs from investigation - 'Error retrieving logs from service: User does not have a required permission'

Document created by RSA Customer Support Employee on Jun 30, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000032868
Applies To:
RSA Product Set: RSA Security Analytics
RSA Product/Service Type: Concentrator
RSA Version/Condition: 10.6
Platform: CentOS
O/S Version: EL6
Issue: While exporting logs from an investigation in the SA UI, the following error is displayed in the job status:
Error retrieving logs from service: User does not have a required permission
Cause: This error occurs when the user does not have sufficient permissions, i.e.:
  • sdk.meta: Allows the user to run queries in the Investigation and Reporting applications and to view the metadata returned by the query.
  • sdk.content: Allows the user to access raw packets and logs from any client application (Investigations and Reporting).
  • sdk.packets: Allows users to access raw packets and logs from any client application.
Resolution: To resolve this issue, follow the instructions below:
  • Go to Administration -> Services -> Concentrator -> Security View.
  • Open the role assigned to that user.
  • Grant the following permissions to that role:
      sdk.content
      sdk.meta
      sdk.packets
  • Restart the nwconcentrator service.
The same steps must be followed on the Decoder:
  • Go to Administration -> Services -> Decoder -> Security View.
  • Open the role assigned to that user.
  • Grant the following permissions to that role:
      sdk.content
      sdk.meta
      sdk.packets
  • Restart the nwdecoder service.
