---
# In this file users, backendroles and hosts can be mapped to Wazuh indexer Security roles.
# Permissions for Wazuh indexer roles are configured in roles.yml

_meta:
  type: "rolesmapping"
  config_version: 2

# Define your roles mapping here

## Demo roles mapping

all_access:
  reserved: false
  backend_roles:
  - "admin"
  description: "Maps admin to all_access"

own_index:
  reserved: false
  users:
  - "*"
  description: "Allow full access to an index named like the username"

logstash:
  reserved: false
  backend_roles:
  - "logstash"

kibana_user:
  reserved: false
  backend_roles:
  - "kibanauser"
  users:
  - "wazuh_user"
  - "wazuh_admin"    
  description: "Maps kibanauser to kibana_user"

readall:
  reserved: false
  backend_roles:
  - "readall"

manage_snapshots:
  reserved: false
  backend_roles:
  - "snapshotrestore"

kibana_server:
  reserved: true
  users:
  - "kibanaserver"

wazuh_ui_admin:
  reserved: true
  hidden: false
  backend_roles: []
  hosts: []
  users:
  - "wazuh_admin"
  - "kibanaserver"
  and_backend_roles: []

wazuh_ui_user:
  reserved: true
  hidden: false
  backend_roles: []
  hosts: []
  users:
  - "wazuh_user"
  and_backend_roles: []