Article Number
000032868
Applies To
RSA Product Set: RSA Security Analytics
RSA Product/Service Type: Concentrator
RSA Version/Condition: 10.6
Platform: CentOS
O/S Version: EL6
Issue
While exporting logs from SA UI investigation, below error is displayed in job status:
Error retrieving logs from service: User does not have a required permission
Cause
This error is caused if the user doesn't have sufficient permissions i.e.
sdk.meta : Allows the user to run queries in the Investigation and Reporting applications and to view the metadata returned by the query.
sdk.content : Allows the user to access raw packets and logs from any client application (Investigations and Reporting).
sdk.packets : Allows users to access raw packets and logs from any client application.
Resolution
To resolve this issue, follow the below instructions:
- Go to Administration -> Services -> Concentrator -> Security View
- Go to the particular role of that user.
- Grant below permissions to that role:
sdk.content sdk.meta sdk.packets
- Restart nwconcentrator service.
Same steps need to be followed on the decoder:
- Go to Administration -> Services -> Decoder -> Security View
- Go to the particular role of that user
- Grant below permissions to that role
sdk.content sdk.meta sdk.packets
- Restart nwdecoder service.
