Splunk® IT Service Intelligence

Administration Manual

Acrobat logo Download manual as PDF

Splunk IT Service Intelligence version 4.0.x reached its End of Life on January 19, 2021. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see Plan an upgrade of IT Service Intelligence.
This documentation does not apply to the most recent version of Splunk® IT Service Intelligence. Click here for the latest version.
Acrobat logo Download topic as PDF

Restrict access to objects in ITSI

ITSI lets you set read/write permissions for the following types of ITSI objects:

  • Service analyzers
  • Glass tables
  • Deep dives
  • Correlation searches
  • Multi-KPI alerts
  • Notable event aggregation policies

These permissions determine which user roles have read or write access to specific objects that have been created, such as a shared service analyzer view, a shared glass table, or a correlation search.

These permissions apply to shared objects (as opposed to private ones). Private objects can be created by a user for use only by that user. To set permissions to a private service analyzer, glass table, or deep dive, clone and save the object with Shared in App permissions. The other object types (correlation searches, multi-KPI alerts, and notable event aggregation policies) are shared by default.


    • To set permissions for ITSI roles, your role must be assigned the configure_perms capability. By default, the itoa_admin and itoa_team_admin roles have the configure_perms capability.
    • Before you can set permissions to ITSI objects for a role, the role must have the proper capabilities assigned. For more information, see ITSI role capabilities in this manual.


  1. On the lister page for the object type (service analyzer, glass table, deep dive, correlation search, or notable event aggregation policy), click Edit under the Actions column for the object and select Edit Permissions.
  2. Assign read/write permissions to ITSI roles for the object.
  3. Click Save.
Last modified on 07 December, 2018
KV store collection permissions in ITSI
Overview of service-level permissions in ITSI

This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters