000034812 - Newly created custom roles for a service do not also replicate to the nwappliance service when 'Duplicate Role' button is used in RSA Security Analytics

Document created by RSA Customer Support Employee on Mar 9, 2017. Last modified by RSA Customer Support on Dec 9, 2017.
Version 5

Article Content

Article Number: 000034812
Applies To: RSA Product Set: Security Analytics, NetWitness Logs & Packets
RSA Product/Service Type: Core Appliance
RSA Version/Condition: 10.5.x, 10.6.x
Issue: Newly created custom roles for a service do not also replicate to the nwappliance service when the 'Duplicate Role' button is used.
This option is found in Administration > Services: select a service that is also on the device/host, go to View > Security > Roles tab, and select the 'Duplicate Role' button.
Click the Duplicate button to create a duplicate of the Administrators or Operators role.
From the service, go to View > Explore and compare the contents of /users/groups with /deviceappliance/users/groups.
In Explore, /deviceappliance/users/groups contains only the Administrators and Operators groups.

Note: The new custom duplicated role (e.g. DuplicateAdminRole) has not been replicated to nwappliance and all that is seen are the default Administrators and Operators roles.

Cause: This is a known issue. Please use the workaround below to resolve the problem.
Workaround: You can create the custom duplicated role in Explore mode by expanding /deviceappliance/users, right-clicking groups and selecting Properties (in other words, selecting Properties on /deviceappliance/users/groups).
Then select add in the method drop-down list, enter the name parameter (Group Name) and the roles parameter in the Parameters field, and click Send.
Example Parameters (for nwappliance service on a Packet Decoder):

name="DuplicateAdminRole" roles="connections.manage,database.manage,decoder.manage,dpo.manage,index.manage,logs.manage,parsers.manage,rules.manage,sdk.content,sdk.manage,sdk.meta,sdk.packets,services.manage,storedproc.execute,storedproc.manage,sys.manage,aggregate,users.manage"

The Response Output would be (if the roles were copied from the decoder service):

The group DuplicateAdminRole was added successfully, but the following invalid roles were removed: aggregate, database.manage, decoder.manage, dpo.manage, index.manage, parsers.manage, rules.manage, sdk.content, sdk.manage, sdk.meta, sdk.packets

Note: If you can see the custom group in /users/groups, you can copy its roles and paste them inside the double quotes of the roles parameter in the above command.
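Because the add method drops roles the nwappliance service does not recognise, the group that results carries fewer permissions than the string that was sent. The following Python is an added example, not RSA code: it parses the Parameters string and the Response Output quoted above and returns the roles the new group actually holds, assuming the response wording is exactly as shown in this article (the function names are hypothetical).

```python
import re

# Parameter string and response text copied from the article above.
PARAMS = (
    'name="DuplicateAdminRole" roles="connections.manage,database.manage,'
    'decoder.manage,dpo.manage,index.manage,logs.manage,parsers.manage,'
    'rules.manage,sdk.content,sdk.manage,sdk.meta,sdk.packets,services.manage,'
    'storedproc.execute,storedproc.manage,sys.manage,aggregate,users.manage"'
)
RESPONSE = (
    "The group DuplicateAdminRole was added successfully, but the following "
    "invalid roles were removed: aggregate, database.manage, decoder.manage, "
    "dpo.manage, index.manage, parsers.manage, rules.manage, sdk.content, "
    "sdk.manage, sdk.meta, sdk.packets"
)

def parse_params(params):
    """Split name="..." roles="a,b,c" into (name, [roles])."""
    fields = dict(re.findall(r'(\w+)="([^"]*)"', params))
    roles = [r.strip() for r in fields.get("roles", "").split(",") if r.strip()]
    return fields.get("name", ""), roles

def parse_removed(response):
    """Roles the service reported as invalid; empty if none were removed."""
    marker = "invalid roles were removed:"  # assumed wording, taken from the article
    if marker not in response:
        return []
    tail = response.split(marker, 1)[1].strip().rstrip(".")
    return [r.strip() for r in tail.split(",") if r.strip()]

def effective_roles(params, response):
    """Roles the new group ends up with: requested minus removed, order kept."""
    _, requested = parse_params(params)
    removed = set(parse_removed(response))
    unknown = removed - set(requested)
    if unknown:  # response does not belong to this request
        raise ValueError(f"removed roles were never requested: {sorted(unknown)}")
    return [r for r in requested if r not in removed]

def build_params(name, roles):
    """Build the Parameters field value from roles copied out of /users/groups."""
    if '"' in name or any(re.search(r'[",\s]', r) for r in roles):
        raise ValueError("quote, comma or whitespace would break the parameter string")
    return f'name="{name}" roles="{",".join(roles)}"'

if __name__ == "__main__":
    print("\n".join(effective_roles(PARAMS, RESPONSE)))
```

For the article's Packet Decoder example, 7 of the 18 requested roles remain on the nwappliance group.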