You do need credentials with more than simple user rights in ePO for tagging operations. If I recall correctly, you need at least "Group Admin" rights.
There are (potentially) 2 different places for ePO credentials. There are credentials in the ePO device config. If you select your ePO device in the system tree, and get properties, and select the Connection tab, you'll see where you can enter your DB credentials, as well as UI credentials. Think of the UI credentials as a set of shared creds that are used by ESM for tagging operations.
You'll also see a checkbox there for "Require User Authentication". If you select that box, then each user will need to supply their own ePO credentials. These will be used for operations performed by individual users (the central creds will still be used by ESM for things not performed by ESM).
You can enter your own user credentials via the "options" menu in the top-right corner. In that dialog, you'll find a tab for ePO Credentials.
Thanks Scott for your reply.
So if I got it correctly, if I do not tick the 'Require Authentication' box. When it needs user auth for checking the epo tagging stuff it'll use the same credentials as de UI ?
I'll ask the ePO admins to give necessary rights for it to work without the need of providing credentials.
You got it.
Awesome Scott, thank you very much!