Cortex XSOAR Playbook and Automation permission

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Cortex XSOAR Playbook and Automation permission

L1 Bithead

Hi,
I would like to ask for help on how to be able to implement within XSOAR the ability to determine which playbooks and automation can be executed or viewed by the user via the command line (by typing !) while still having the ability for the same user to be able to execute commands within an incident layout when an automation is associated with the change of value of a given field. For example, the user cannot execute the command !setIncident from command line but if it is executed within a playbook or an automation associated with a field within the layout of an incident instead yes, without receiving the error message if only a certain role is associated with the automation.
thank you very much

Regards

1 REPLY 1

L3 Networker

This is possible by setting the corresponding permissions in Settings > Users and Roles > Roles  and by removing the 'Execute potential harmful actions' and 'Run scripts' options. Also the option to 'Create scripts that will run as superuser'.

Here is our official documentation in case you have more questions: https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.12/Cortex-XSOAR-Administrator-Guide/Users-...

  • 773 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!