cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

704
Views
5
Helpful
3
Replies
mikoconn
Cisco Employee

Splunk permission for ANC using pxGrid

Hi,

We have two users in Splunk, one Admin, one Power User. The Admin can quarantine endpoints using pxGrid workflow actions but the Power User gets an authorisation error that appears to refer to a passwords file.

External search command 'pxgremediate' returned error code 1. Script output = "ERROR Could not get Splunk_TA_cisco-ise credentials from splunk. Error: [HTTP 403] Client is not authorized to perform requested action; https://127.0.0.1:8089/servicesNS/nobody/Splunk_TA_cisco-ise/admin/passwords "

Please could you tell me if there is a way of getting the Power User, or any non-Admin user, to be able to initiate pxGrid actions without upgrading them to Admin?

Thanks,

Mike.

1 ACCEPTED SOLUTION

Accepted Solutions

mike thanks, from an offline discussion

The permission needed is list_storage_passwords, which gives the user permission to read all passwords for all apps on that Splunk instance (but not user passwords for logging into the Splunk UI). There’s no per-app security control in Splunk. So, there are some nasty security implications if there are several different user communities using different apps, but that’s not our case. I go the answer from https://answers.splunk.com/answers/536336/ive-created-a-custom-splunk-app-that-has-passwords.html.

View solution in original post

3 REPLIES 3
kthiruve
Cisco Employee

HI Mike,

Does the power user have UI permissions in ISE? You can use RBAC permissions for this and assign the right group for UI and data level access.

Thanks

Krishnan

Hi Krishnan,

Thanks for getting back to me.  The Splunk admin has found the permission needed to pull in the password and it's now working.

Regards,

Mike.

mike thanks, from an offline discussion

The permission needed is list_storage_passwords, which gives the user permission to read all passwords for all apps on that Splunk instance (but not user passwords for logging into the Splunk UI). There’s no per-app security control in Splunk. So, there are some nasty security implications if there are several different user communities using different apps, but that’s not our case. I go the answer from https://answers.splunk.com/answers/536336/ive-created-a-custom-splunk-app-that-has-passwords.html.

View solution in original post

Create
Recognize Your Peers
Content for Community-Ad

ISE Webinars



Did you miss a previous ISE webinar?

CiscoISE YouTube Channel