cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
945
Views
5
Helpful
3
Replies

Splunk permission for ANC using pxGrid

mikoconn
Cisco Employee
Cisco Employee

Hi,

We have two users in Splunk, one Admin, one Power User. The Admin can quarantine endpoints using pxGrid workflow actions but the Power User gets an authorisation error that appears to refer to a passwords file.

External search command 'pxgremediate' returned error code 1. Script output = "ERROR Could not get Splunk_TA_cisco-ise credentials from splunk. Error: [HTTP 403] Client is not authorized to perform requested action; https://127.0.0.1:8089/servicesNS/nobody/Splunk_TA_cisco-ise/admin/passwords "

Please could you tell me if there is a way of getting the Power User, or any non-Admin user, to be able to initiate pxGrid actions without upgrading them to Admin?

Thanks,

Mike.