Splunk® IT Service Intelligence

Administration Manual

Acrobat logo Download manual as PDF

Splunk IT Service Intelligence version 4.0.x reached its End of Life on January 19, 2021. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see Plan an upgrade of IT Service Intelligence.
This documentation does not apply to the most recent version of Splunk® IT Service Intelligence. Click here for the latest version.
Acrobat logo Download topic as PDF

Implement service-level permissions in ITSI

This topic is an overview of the steps to implement service-level permissions in ITSI.

Read ITSI Service-level permissions and decide if you have a need to implement service-level permissions for your organization.

If you do not need to implement service-level permissions, there is no need to create roles based on the itoa_team_admin role that is delivered for the purpose of administering teams. You do not need to create any additional teams. Create all services, entities, and KPI base searches in the default Global team. If you upgrade from a previous version, all services and other service-related objects already exist in the Global team by default.


Determine the teams you need to create in ITSI. You can create teams for technology areas or for different departments within your organization. Create a team for every area that needs a separate view of ITSI service-level data or that needs to be administered independently within ITSI.

Implement service-level permissions

  1. Create team admin roles to administer each team and assign users to those roles.
  2. Create the teams and assign read/write permissions to the team admin roles you created.
  3. Create entities and common services in the Global team.
  4. Team admins create the services they need in their assigned teams.

Create roles to administer your teams

After you determine the teams you are going to create in ITSI, create roles to administer the services in each team.

Create a role in the Splunk platform for each ITSI team admin and configure the roles to inherit from the itoa_team_admin role in order to obtain the appropriate capabilities. Then assign users to each team admin role you created.

For example, the Splunk admin creates an itoa_finance_admin role that inherits from the itoa_team_admin role for the administrator of the Finance team. The Splunk admin then assigns the Finance team administrator to the itoa_finance_admin role.

Likewise, create custom roles for the ITSI analysts and users in each team. This allows you to differentiate when assigning permissions to teams. For example, create an itoa_finance_analyst role that inherits from the itoa_analyst role for the analysts in the Finance department. Create an itoa_finance_user role that inherits from the itoa_user role for the users in the Finance department. You can then assign permissions to the Finance team for the itoa_finance_analyst and itoa_finance_user roles without allowing access to analysts and users from other departments.

You must configure the itoa_admin role to inherit from the custom roles you create. Otherwise, the itoa_admin role cannot assign permissions to the custom roles. Alternatively, use the admin role to assign permissions.

Splunk Cloud administrators (using the sc_admin role) need to request Splunk Support to create the custom roles needed for teams.

For information about the itoa_team_admin role's capabilities, see Configure ITSI access controls. For information about creating custom roles, see About configuring role-based user access in the Securing Splunk Enterprise manual.

Create teams

After you create team admin roles and assign users to the roles, you're ready to create the teams. Only users with the itoa_admin role can create a team.

When you create a team, assign read/write access to the team admin role you created for the team. For example, if you create a team called Finance, assign read/write permissions to the itoa_finance_admin role. To create a team, Select Configure > Teams > New Team from the top menu bar in ITSI. See Create teams in this manual for more information.

Create entities and common services in the Global team

The ITSI administrator creates all entities in the Global team. The ITSI administrator also creates any common services or services that other teams may have a dependency on in the Global team. See Create ITSI Services for information.

By default, only the itoa_admin role has read/write access to the Global team. A user with the itoa_admin role can give write access to the Global team to other ITSI roles. If you want team admins to be able to create and modify objects in the Global team, assign these roles write permission on the Global team.

Upgrading from a previous version of ITSI

If you have upgraded ITSI from a previous version that did not contain service-level permissions, all of the existing services and service related objects like entities and KPI base searches are contained in the Global team by default. After creating private teams, you can move any existing services from the Global team to other teams as necessary. See Move a service to another team for information.

Create services as a team admin

After creating teams, the team admins that are assigned read/write permissions can create services within their teams. When creating a service, a team admin can assign it to any team for which they have read/write access. ITSI admins (itoa_admin role) can also create services in private teams.

Team admins can access all of the KPI base searches, KPI templates, and entities in the Global team when creating services in their private teams. Team admins can also create dependencies on services in the Global team or within the same team. Service dependencies cannot be created between services in different private teams. See Create ITSI Services for more information.

Team admins (users with a role that inherits from the itoa_team_admin role) cannot do bulk imports of services and entities.

Last modified on 06 March, 2019
Overview of service-level permissions in ITSI
Create teams in ITSI

This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.1.0, 4.1.1, 4.1.2, 4.1.5

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters