Add capabilities to a role in ITSI
When you create a user in ITSI you assign that user to one role. See Configure users and roles in ITSI for more information.
Each role contains a set of capabilities. You can add or edit capabilities for new, existing, and default roles. For example, you might give a role the capability to create a shared glass table or delete a KPI base search.
For a list of ITSI roles, inheritance, and capabilities, see ITSI role capabilities.
List of capabilities
This list shows the capabilities that you can add to any role.
Capabilities are subject to change. For the most up-to-date list of capabilities, see
$SPLUNK_HOME/etc/apps/SA-ITOA/default/authorize.conf. For information about the capabilities assigned to ITSI roles, see Configure access controls.
A write capability implies create and update. Delete is its own capability.
|SA-ITOA Object type||Capability name||Capability description|
|RBAC Permissions Configuration||configure_perms||Ability to configure Role Based Access Control on shared service analyzers, deep dives, glass tables, correlation searches, and notable event aggregation policies.|
|Service/KPIs/Entity||read_itsi_service||*Ability to read service-based information in Service Analyzer.|
* Ability to pull in service based information on a glass table or deep dive.
* Listing of services and entities in their lister pages.
|write_itsi_service||* Ability to create a service.|
* Ability to create a KPI.
* Ability to create an entity.
* Ability to bulk import entities/services via CSV file or via search and set dependencies.
|delete_itsi_services||Ability to delete a service/KPI/entity.|
|Service Templates||read_itsi_base_service_template||Ability to view a service template.|
|write_itsi_base_service_template||Ability to create a service template.|
|delete_itsi_base_service_template||Ability to delete a service template.|
|KPIs Temporary (KPIs with time policies enabled)||read_itsi_temporary_kpi||Ability to read a KPI with time policy.|
|write_itsi_temporary_kpi||Ability to create a KPI with time policy.|
|delete_itsi_temporary_kpi||Ability to delete a KPI with time policy.|
|KPI Base Searches||read_itsi_kpi_base_search||Ability to read a KPI base search.|
|write_itsi_kpi_base_search||Ability to write a KPI base search.|
|delete_itsi_kpi_base_search||Ability to delete a KPI base search.|
|KPI Threshold Templates||read_itsi_kpi_threshold_template||Ability to read KPI threshold template type objects.|
|write_itsi_kpi_threshold_template||Ability to write a custom KPI threshold template.|
|delete_itsi_kpi_threshold_template||Ability to delete a KPI threshold template.|
|Backup/Restore||read_itsi_backup_restore||Ability to read backup/restore page.|
|write_itsi_backup_restore||Ability to create a backup/restore job.|
|delete_itsi_backup_restore||Ability to delete a backup/restore job.|
|Glass Table||read_itsi_glass_table||Ability to view shared glass tables.|
|write_itsi_glass_table||Ability to create a shared glass table.|
|delete_itsi_glass_table||Ability to delete a shared glass table.|
|interact_with_itsi_glass_table||Ability to drilldown and interact with glass tables.|
|Deep Dive||read_itsi_deep_dive||Ability to view a shared deep dives.|
|write_itsi_deep_dive||* Ability to create a shared deep dive.|
* Ability to create a shared deep dive as a clone from a private deep dive.
|delete_itsi_deep_dive||Ability to delete a shared deep dive.|
|interact_with_itsi_deep_dives||Ability to drilldown and interact with deep dives.|
|read_itsi_deep_dive_context||Ability to drill down to an automatically generated (unnamed) deep dive object.|
|write_itsi_deep_dive_context||Ability to drill down to an automatically generated (unnamed) deep dive object for the first time.|
|delete_itsi_deep_dive_context||Ability to delete an automatically generated (unnamed) deep dive object.|
|interact_with_itsi_deep_dives_context||Ability to drilldown and interact in deep dives context.|
|Service Analyzer||read_itsi_homeview||Ability to read service analyzer type object. Triggered on opening the Service Analyzer page (or the ITSI app).|
|write_itsi_homeview||Ability to write a service analyzer type object. Triggered on opening the Service Analyzer page (or the ITSI app) for the first time.|
|delete_itsi_homeview||Ability to delete a service analyzer type object. Never triggered.|
|interact_with_itsi_homeview||Ability to drilldown and interact with service analyzer.|
|Correlation Search||read_itsi_correlation_search||Ability to read correlation searches.|
|write_itsi_correlation_search||Ability to write a correlation search.|
|delete_itsi_correlation_search||Ability to delete a correlation search.|
|interact_with_itsi_correlation_search||Ability to interact with a correlation search.|
|Event Management State||read_itsi_event_management_state||Ability to read Episode Review dashboards.|
|write_itsi_event_management_state||Ability to save an Episode Review dashboard.|
|delete_itsi_event_management_state||Ability to delete an Episode Review dashboard.|
|Notable Event||read-notable_event||Ability to read a notable event.|
|write-notable_event||Ability to modify a notable event on index. Requires delete_by_keyword and edit_token_http capabilities to be enabled.|
|delete-notable_event||Ability to delete an episode.|
|Notable Event Aggregation Policy||read_itsi_notable_event_aggregation_policy||Ability to read a notable event aggregation policy.|
|write_itsi_notable_event_aggregation_policy||Ability to write a notable event aggregation policy.|
|delete_itsi_notable_event_aggregation_policy||Ability to delete a notable event aggregation policy.|
|edit_default_itsi_notable_aggregation_policy||Ability to edit the default notable event aggregation policy.|
|interact_with_itsi_notable_aggregation_policy||Ability to interact with notable event aggregation policies.|
|Episode actions||read-notable_event_action||Ability to read an episode action.|
|execute-notable_event_action||Ability to run an episode action.|
|Maintenance windows||read-maintenance_calendar||Ability to read a maintenance window.|
|write-maintenance_calendar||Ability to write a maintenance window.|
|delete-maintenance_calendar||Ability to delete a maintenance window.|
|ITSI Module interface||read-module_interface||Ability to view the modules on the ITSI Modules lister page and read KPIs provided by modules when creating services.|
|write-module_interface||Ability to create an ITSI module and edit KPIs provided by modules.|
|delete-module_interface||Ability to delete an ITSI module and delete KPIs provided by modules.|
|CSV Import mod input||edit_modinput_itsi_csv_import||Ability to save the modular input for CSV import.|
|Teams||read_itsi_team||Ability to read the objects in a team.|
|write_itsi_team||Ability to create or update the objects in a team.|
|delete_itsi_team||Ability to delete the objects in a team.|
|Bulk import||bulk_import_service_or_entity||Ability to create services or entities using bulk import.|
A role which has a "service" capability has analogous capabilities for the "KPI" and "entity" type objects.
Configure users and roles in ITSI
KV store collection permissions in ITSI
This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.1.0, 4.1.1, 4.1.2, 4.1.5