Splunk® IT Service Intelligence

Administration Manual

Acrobat logo Download manual as PDF


Splunk IT Service Intelligence version 4.0.x reached its End of Life on January 19, 2021. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see Plan an upgrade of IT Service Intelligence.
This documentation does not apply to the most recent version of Splunk® IT Service Intelligence. Click here for the latest version.
Acrobat logo Download topic as PDF

Add capabilities to a role in ITSI

When you create a user in ITSI you assign that user to one role. See Configure users and roles in ITSI for more information.

Each role contains a set of capabilities. You can add or edit capabilities for new, existing, and default roles. For example, you might give a role the capability to create a shared glass table or delete a KPI base search.

For a list of ITSI roles, inheritance, and capabilities, see ITSI role capabilities.

List of capabilities

This list shows the capabilities that you can add to any role.

Capabilities are subject to change. For the most up-to-date list of capabilities, see $SPLUNK_HOME/etc/apps/SA-ITOA/default/authorize.conf. For information about the capabilities assigned to ITSI roles, see Configure access controls.

A write capability implies create and update. Delete is its own capability.

SA-ITOA Object type Capability name Capability description
RBAC Permissions Configuration configure_perms Ability to configure Role Based Access Control on shared service analyzers, deep dives, glass tables, correlation searches, and notable event aggregation policies.
Service/KPIs/Entity read_itsi_service *Ability to read service-based information in Service Analyzer.
* Ability to pull in service based information on a glass table or deep dive.
* Listing of services and entities in their lister pages.
write_itsi_service * Ability to create a service.
* Ability to create a KPI.
* Ability to create an entity.
* Ability to bulk import entities/services via CSV file or via search and set dependencies.
delete_itsi_services Ability to delete a service/KPI/entity.
Service Templates read_itsi_base_service_template Ability to view a service template.
write_itsi_base_service_template Ability to create a service template.
delete_itsi_base_service_template Ability to delete a service template.
KPIs Temporary (KPIs with time policies enabled) read_itsi_temporary_kpi Ability to read a KPI with time policy.
write_itsi_temporary_kpi Ability to create a KPI with time policy.
delete_itsi_temporary_kpi Ability to delete a KPI with time policy.
KPI Base Searches read_itsi_kpi_base_search Ability to read a KPI base search.
write_itsi_kpi_base_search Ability to write a KPI base search.
delete_itsi_kpi_base_search Ability to delete a KPI base search.
KPI Threshold Templates read_itsi_kpi_threshold_template Ability to read KPI threshold template type objects.
write_itsi_kpi_threshold_template Ability to write a custom KPI threshold template.
delete_itsi_kpi_threshold_template Ability to delete a KPI threshold template.
Backup/Restore read_itsi_backup_restore Ability to read backup/restore page.
write_itsi_backup_restore Ability to create a backup/restore job.
delete_itsi_backup_restore Ability to delete a backup/restore job.
Glass Table read_itsi_glass_table Ability to view shared glass tables.
write_itsi_glass_table Ability to create a shared glass table.
delete_itsi_glass_table Ability to delete a shared glass table.
interact_with_itsi_glass_table Ability to drilldown and interact with glass tables.
Deep Dive read_itsi_deep_dive Ability to view a shared deep dives.
write_itsi_deep_dive * Ability to create a shared deep dive.
* Ability to create a shared deep dive as a clone from a private deep dive.
delete_itsi_deep_dive Ability to delete a shared deep dive.
interact_with_itsi_deep_dives Ability to drilldown and interact with deep dives.
read_itsi_deep_dive_context Ability to drill down to an automatically generated (unnamed) deep dive object.
write_itsi_deep_dive_context Ability to drill down to an automatically generated (unnamed) deep dive object for the first time.
delete_itsi_deep_dive_context Ability to delete an automatically generated (unnamed) deep dive object.
interact_with_itsi_deep_dives_context Ability to drilldown and interact in deep dives context.
Service Analyzer read_itsi_homeview Ability to read service analyzer type object. Triggered on opening the Service Analyzer page (or the ITSI app).
write_itsi_homeview Ability to write a service analyzer type object. Triggered on opening the Service Analyzer page (or the ITSI app) for the first time.
delete_itsi_homeview Ability to delete a service analyzer type object. Never triggered.
interact_with_itsi_homeview Ability to drilldown and interact with service analyzer.
Correlation Search read_itsi_correlation_search Ability to read correlation searches.
write_itsi_correlation_search Ability to write a correlation search.
delete_itsi_correlation_search Ability to delete a correlation search.
interact_with_itsi_correlation_search Ability to interact with a correlation search.
Event Management State read_itsi_event_management_state Ability to read Episode Review dashboards.
write_itsi_event_management_state Ability to save an Episode Review dashboard.
delete_itsi_event_management_state Ability to delete an Episode Review dashboard.
Notable Event read-notable_event Ability to read a notable event.
write-notable_event Ability to modify a notable event on index. Requires delete_by_keyword and edit_token_http capabilities to be enabled.
delete-notable_event Ability to delete an episode.
Notable Event Aggregation Policy read_itsi_notable_event_aggregation_policy Ability to read a notable event aggregation policy.
write_itsi_notable_event_aggregation_policy Ability to write a notable event aggregation policy.
delete_itsi_notable_event_aggregation_policy Ability to delete a notable event aggregation policy.
edit_default_itsi_notable_aggregation_policy Ability to edit the default notable event aggregation policy.
interact_with_itsi_notable_aggregation_policy Ability to interact with notable event aggregation policies.
Episode actions read-notable_event_action Ability to read an episode action.
execute-notable_event_action Ability to run an episode action.
Maintenance windows read-maintenance_calendar Ability to read a maintenance window.
write-maintenance_calendar Ability to write a maintenance window.
delete-maintenance_calendar Ability to delete a maintenance window.
ITSI Module interface read-module_interface Ability to view the modules on the ITSI Modules lister page and read KPIs provided by modules when creating services.
write-module_interface Ability to create an ITSI module and edit KPIs provided by modules.
delete-module_interface Ability to delete an ITSI module and delete KPIs provided by modules.
CSV Import mod input edit_modinput_itsi_csv_import Ability to save the modular input for CSV import.
Teams read_itsi_team Ability to read the objects in a team.
write_itsi_team Ability to create or update the objects in a team.
delete_itsi_team Ability to delete the objects in a team.
Bulk import bulk_import_service_or_entity Ability to create services or entities using bulk import.

A role which has a "service" capability has analogous capabilities for the "KPI" and "entity" type objects.

Last modified on 04 June, 2019
PREVIOUS
Configure users and roles in ITSI 		  NEXT
KV store collection permissions in ITSI

This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.1.0, 4.1.1, 4.1.2, 4.1.5

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters