Skip to content
  • There are no suggestions because the search field is empty.

RSA Security Analytics - Exporting logs from investigation - 'Error retrieving logs from service: User does not have a required permission'

Issue

While exporting logs from SA UI investigation, below error is displayed in job status:

Error retrieving logs from service: User does not have a required permission

Cause

This error is caused if the user doesn't have sufficient permissions i.e. 

sdk.meta : Allows the user to run queries in the Investigation and Reporting applications and to view the metadata returned by the query.
sdk.content  : Allows the user to access raw packets and logs from any client application (Investigations and Reporting).
sdk.packets : Allows users to access raw packets and logs from any client application.

Resolution

To resolve this issue, follow the below instructions:
  • Go to Administration -> Services -> Concentrator -> Security View
  • Go to the particular role of that user.
  • Grant below permissions to that role:
​          sdk.content
          sdk.meta
          sdk.packets
  • Restart nwconcentrator service.
Same steps need to be followed on the decoder:
  • Go to Administration -> Services -> Decoder -> Security View
  • Go to the particular role of that user
  • Grant below permissions to that role
​          sdk.content 
          sdk.meta
          sdk.packets
  • Restart nwdecoder service.

Product Details

NetWitness Product Set: NetWitness Platform
NetWitness Product/Service Type: All Nodes
NetWitness Version/Condition: 12.x
Platform: CentOS/Alma Linux

Approval Reviewer Queue

Technical approval queue