Splunk® IT Service Intelligence

Administration Manual

ITSI capabilities reference

This table lists ITSI capabilities for each default role. When you create a user in ITSI, you assign that user one or more roles. Each role contains a set of capabilities. You can add or edit capabilities for new, existing, and default roles. For example, you might give a role the capability to create a shared glass table or delete a KPI base search. A write capability implies create and update. Delete is its own capability. If you modify the capabilities for custom roles, you also need to assign the role proper view-level access. For instructions, see Assign the role proper view-level access.

Capabilities are subject to change. For the most up-to-date list of capabilities, see $SPLUNK_HOME/etc/apps/SA-ITOA/default/authorize.conf. For information about the capabilities assigned to ITSI roles, see Restrict access to objects in ITSI. This capability reference only shows capabilities corresponding to each default role. Custom roles can inherit a default role along with that role's capabilities. To learn more about the relationship between default and custom roles, see Custom roles for teams.

A role that has a service capability has analogous capabilities for the KPI and entity type objects.

SA-ITOA Object type Capability name Capability description itoa_user itoa_analyst itoa_team_admin itoa_admin
RBAC Permissions
Configuration 		configure_perms Configure role based access control on shared service analyzers, deep dives, glass tables, correlation searches, and notable event aggregation policies. X X
Service/KPIs/Entity read_itsi_service Read service-based information in service analyzers, pull in service-based information on a glass table or deep dive, and list services and entities. X X X X
write_itsi_service Create a service, KPI, and entity, and bulk import entities and services. X X
delete_itsi_services Delete a service, KPI, or entity. X X
Service Templates read_itsi_base_service_template View a service template. X X X X
write_itsi_base_service_template Create a service template. X
delete_itsi_base_service_template Delete a service template. X
Temporary KPIs read_itsi_temporary_kpi Read a KPI with time policy. X X X X
write_itsi_temporary_kpi Create a KPI with time policy. X X X X
delete_itsi_temporary_kpi Delete a KPI with time policy. X X X X
KPI Base Searches read_itsi_kpi_base_search Read a KPI base search. X X X X
write_itsi_kpi_base_search Write a KPI base search. X X
delete_itsi_kpi_base_search Delete a KPI base search. X X
KPI Threshold Templates read_itsi_kpi_threshold_template Read KPI threshold template type objects. X X X X
write_itsi_kpi_threshold_template Write a custom KPI threshold template. X X
delete_itsi_kpi_threshold_template Delete a KPI threshold template. X X
create_external_ticket Create a ticket in a third-party ticketing system. X X
Backup/Restore read_itsi_backup_restore Read backup/restore page. X
write_itsi_backup_restore Create a backup/restore job. X
delete_itsi_backup_restore Delete a backup/restore job. X
Glass Table read_itsi_glass_table View shared glass tables. X X X X
write_itsi_glass_table Create and edit a shared glass table. Does not include the ability to drill down in view mode. X X X
delete_itsi_glass_table Delete a shared glass table. X X X
interact_with_itsi_glass_table Drill down and interact with glass tables. X X X X
Deep Dive read_itsi_deep_dive View a shared deep dive. X X X X
write_itsi_deep_dive Create a shared deep dive. X X X
delete_itsi_deep_dive Delete a shared deep dive. X X X
interact_with_itsi_deep_dives Drill down and interact with deep dives. X X X X
read_itsi_deep_dive_context Drill down to an automatically-generated deep dive object. X X X X
write_itsi_deep_dive_context Drill down to an automatically-generated deep dive object for the first time. X X X X
delete_itsi_deep_dive_context Delete an automatically-generated deep dive object. X X X X
interact_with_itsi_deep_dives_context Drill down and interact in deep dives context. X X X X
Service Analyzer read_itsi_homeview Read service analyzers. X X X X
write_itsi_homeview Create or edit a service analyzer. X X X X
delete_itsi_homeview Delete a service analyzer. X X X X
interact_with_itsi_homeview Drill down and interact with a service analyzer. X X X X
Correlation Search read_itsi_correlation_search Read a correlation search. X X X
write_itsi_correlation_search Edit a correlation search. X X
delete_itsi_correlation_search Delete a correlation search. X X
interact_with_itsi_correlation_search Drill down and interact with a correlation search. X X
Event Management State read_itsi_event_management_state Read Episode Review dashboards. X X X X
write_itsi_event_management_state Save an Episode Review dashboard. X X X X
delete_itsi_event_management_state Delete an Episode Review dashboard. X X X X
interact_with_itsi_event_management_state Drill down and interact with an Episode Review dashboard. X X X X
Event management edit_token_http Run an episode action, and update episode owner, severity, and status. X X X
Notable Event read-notable_event Read a notable event. X X X X
write-notable_event Modify a notable event on index. Requires delete_by_keyword and edit_token_http capabilities to be enabled. X X X
delete-notable_event Delete an episode. X X X
Notable Event
Aggregation Policy 		read_itsi_notable_aggregation_policy Read a notable event aggregation policy. X X X
write_itsi_notable_aggregation_policy Write a notable event aggregation policy. X X
delete_itsi_notable_aggregation_policy Delete a notable event aggregation policy. X X
edit_default_itsi_notable_aggregation_policy Edit the default notable event aggregation policy. X
interact_with_itsi_notable_aggregation_policy Drill down and interact with notable event aggregation policies. X X
Episode actions read-notable_event_action Read an episode action. X X X X
execute-notable_event_action Run an episode action, and update episode owner, severity, and status. X X X
Email templates read_itsi_notable_event_email_template Read an email template. X X X
write_itsi_notable_event_email_template Edit an email template. X X X
delete_itsi_notable_event_email_template Delete an email template. X X X
Maintenance services read-maintenance_calendar Read a maintenance window. X X X X
write-maintenance_calendar Write a maintenance window. X X
delete-maintenance_calendar Delete a maintenance window. X X
delete-module_interface Delete an ITSI module and KPIs provided by modules. X X
CSV Import mod input edit_modinput_itsi_csv_import Save the modular input for CSV import. X
Teams read_itsi_team Read objects for a team. X X X X
write_itsi_team Create or update objects for a team. X
delete_itsi_team Delete objects for a team. X
Bulk import bulk_import_service_or_entity Create services or entities using bulk import. X X
Episode exports read_itsi_event_management_export View CSV downloads for episode exports. X
write_itsi_event_management_export Write CSV downloads for episode exports. X
delete_itsi_event_management_export Delete CSV downloads for episode exports. X
Last modified on 22 April, 2024
Create a custom role in ITSI   KV store collection permissions in ITSI

This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.19.0, 4.19.1

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters