Related Answers
Splunk IT Service Intelligence version 4.0.x reached its End of Life on January 19, 2021. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see Plan an upgrade of IT Service Intelligence.
This documentation does not apply to the most recent version of Splunk® IT Service Intelligence.
Click here for the latest version.
Download topic as PDF
KV store collection permissions in ITSI
The table shows default permissions to KV store collections for ITSI roles. By default, only itoa_admin has read/write/delete access to all ITSI KV store collections. SA-ITOA includes default entries in metadata/default.meta that determine access to KV store collections for ITSI roles. See Set permissions to KV store collections for information.
| Collection name | itoa_admin | itoa_team_admin | itoa_analyst | itoa_user |
|---|---|---|---|---|
| itsi_backfill | read/write/delete | read/write/delete | read | read |
| itsi_backup_restore_queue | read/write/delete | read | - | - |
| itsi_base_service_template | read/write/delete | read | read | read |
| itsi_correlation_search | read/write/delete | read/write/delete | read | read |
| itsi_entity_relationships | read/write/delete | read/write/delete | read | read |
| itsi_entity_relationship_rules | read/write/delete | read/write/delete | read | read |
| itsi_event_management | read/write/delete | read/write/delete | read/write/delete | read/write/delete |
| itsi_migration | read/write/delete | read/write/delete | read | read |
| itsi_notable_event_aggregation_policy | read/write/delete | read/write/delete | read | - |
| itsi_notable_event_comment | read/write/delete | read/write/delete | read/write/delete | read/write/delete |
| itsi_notable_event_tag | read/write/delete | read/write/delete | read/write/delete | read/write/delete |
| itsi_notable_event_ticketing | read/write/delete | read/write/delete | read/write/delete | read/write/delete |
| itsi_notable_group_user | read/write/delete | read/write/delete | read/write/delete | read/write/delete |
| itsi_notable_group_system | read/write/delete | read | read | read |
| itsi_pages | read/write/delete | read/write/delete | read/write/delete | read/write/delete |
| itsi_refresh_queue | read/write/delete | read/write/delete | read | read |
| itsi_services | read/write/delete | read/write/delete | read | read |
| itsi_service_analyzer | read/write/delete | read/write/delete | read/write/delete | read/write/delete |
| itsi_team | read/write/delete | read | read | read |
| itsi_temp_batch_claimed_action_queue | read/write/delete | read/write/delete | read | read |
| itsi_temporary_storage | read/write/delete | read/write/delete | read | read |
| itsi_user_realnames | read/write/delete | read/write/delete | read | read |
| maintenance_calendar | read/write/delete | read/write/delete | read | read |
| operative_maintenance_log | read/write/delete | read/write/delete | read | read |
| itoa_entity_exchange_entities* | - | - | - | - |
| itoa_entity_exchange_entity_hash* | - | - | - | - |
| itoa_entity_exchange_metadata* | - | - | - | - |
* These are entity exchange collections which are used for integrating entities from the Splunk App for Infrastructure with ITSI. Only the Splunk admin role has access to these collections.
Last modified on 15 November, 2019
|
PREVIOUS Add capabilities to a role in ITSI |
NEXT Restrict access to objects in ITSI |
This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.1.0, 4.1.1, 4.1.2, 4.1.5
Feedback submitted, thanks!