Solved: Allow non-Splunk Admins to add the ServiceNow acti...

mjones1 · ‎05-22-2024

We have this stood up and working...sort of. Splunk Admins can configure alerts to add the "ServiceNow Incident Integration" action, and we can create Incidents in Splunk.

The problem is, we have a lot of development teams that create/maintain their own alerts in Splunk. When they go to add this action, they're not able to select the account to use when configuring the action...because they don't have read permission to the account. Even if an Admin goes in and configures the action, it won't work at run-time, because the alert runs under the owner's permissions...which can't read the credentials to use to call ServiceNow.

Has anyone else ran into this issue? How can this be setup to allow non-Admins to maintain alerts?

Rdm · ‎07-25-2024

I faced this same issue. Resolved it by adding list_storage_passwords capability to Non-admin Role

View solution in original post

mjones1 · ‎07-29-2024

Yeah, that is the solution we ended up with as well.

Rdm · ‎07-25-2024

I faced this same issue. Resolved it by adding list_storage_passwords capability to Non-admin Role

Allow non-Splunk Admins to add the ServiceNow action to alerts

administration

configuration

Mastering Data Pipelines: Unlocking Value with Splunk

The Latest Cisco Integrations With Splunk Platform!

AI Adoption Hub Launch | Curated Resources to Get Started with AI in Splunk