ITSI capabilities reference
This table lists ITSI capabilities for each default role. When you create a user in ITSI, you assign that user one or more roles. Each role contains a set of capabilities. You can add or edit capabilities for new, existing, and default roles. For example, you might give a role the capability to create a shared glass table or delete a KPI base search. A write capability implies create and update. Delete is its own capability. If you modify the capabilities for custom roles, you also need to assign the role proper view-level access. For instructions, see Assign the role proper view-level access.
Capabilities are subject to change. For the most up-to-date list of capabilities, see $SPLUNK_HOME/etc/apps/SA-ITOA/default/authorize.conf. For information about the capabilities assigned to ITSI roles, see Restrict access to objects in ITSI.
A role that has a service capability has analogous capabilities for the KPI and entity type objects.
SA-ITOA Object type | Capability name | Capability description | itoa_user | itoa_analyst | itoa_team_admin | itoa_admin |
---|---|---|---|---|---|---|
RBAC Permissions Configuration | configure_perms | Configure role based access control on shared service analyzers, deep dives, glass tables, correlation searches, and notable event aggregation policies. | X | X | ||
Service/KPIs/Entity | read_itsi_service | Read service-based information in service analyzers, pull in service-based information on a glass table or deep dive, and list services and entities. | X | X | X | X |
write_itsi_service | Create a service, KPI, and entity, and bulk import entities and services. | X | X | |||
delete_itsi_services | Delete a service, KPI, or entity. | X | X | |||
Service Templates | read_itsi_base_service_template | View a service template. | X | X | X | X |
write_itsi_base_service_template | Create a service template. | X | ||||
delete_itsi_base_service_template | Delete a service template. | X | ||||
Temporary KPIs | read_itsi_temporary_kpi | Read a KPI with time policy. | X | X | X | X |
write_itsi_temporary_kpi | Create a KPI with time policy. | X | X | X | X | |
delete_itsi_temporary_kpi | Delete a KPI with time policy. | X | X | X | X | |
KPI Base Searches | read_itsi_kpi_base_search | Read a KPI base search. | X | X | X | X |
write_itsi_kpi_base_search | Write a KPI base search. | X | X | |||
delete_itsi_kpi_base_search | Delete a KPI base search. | X | X | |||
KPI Threshold Templates | read_itsi_kpi_threshold_template | Read KPI threshold template type objects. | X | X | X | X |
write_itsi_kpi_threshold_template | Write a custom KPI threshold template. | X | X | |||
delete_itsi_kpi_threshold_template | Delete a KPI threshold template. | X | X | |||
create_external_ticket | Create a ticket in a third-party ticketing system. | X | X | |||
Backup/Restore | read_itsi_backup_restore | Read backup/restore page. | X | |||
write_itsi_backup_restore | Create a backup/restore job. | X | ||||
delete_itsi_backup_restore | Delete a backup/restore job. | X | ||||
Glass Table | read_itsi_glass_table | View shared glass tables. | X | X | X | X |
write_itsi_glass_table | Create and edit a shared glass table. Does not include the ability to drill down in view mode. | X | X | X | ||
delete_itsi_glass_table | Delete a shared glass table. | X | X | X | ||
interact_with_itsi_glass_table | Drill down and interact with glass tables. | X | X | X | X | |
Deep Dive | read_itsi_deep_dive | View a shared deep dive. | X | X | X | X |
write_itsi_deep_dive | Create a shared deep dive. | X | X | X | ||
delete_itsi_deep_dive | Delete a shared deep dive. | X | X | X | ||
interact_with_itsi_deep_dives | Drill down and interact with deep dives. | X | X | X | X | |
read_itsi_deep_dive_context | Drill down to an automatically-generated deep dive object. | X | X | X | X | |
write_itsi_deep_dive_context | Drill down to an automatically-generated deep dive object for the first time. | X | X | X | X | |
delete_itsi_deep_dive_context | Delete an automatically-generated deep dive object. | X | X | X | X | |
interact_with_itsi_deep_dives_context | Drill down and interact in deep dives context. | X | X | X | X | |
Service Analyzer | read_itsi_homeview | Read service analyzers. | X | X | X | X |
write_itsi_homeview | Create or edit a service analyzer. | X | X | X | X | |
delete_itsi_homeview | Delete a service analyzer. | X | X | X | X | |
interact_with_itsi_homeview | Drill down and interact with a service analyzer. | X | X | X | X | |
Correlation Search | read_itsi_correlation_search | Read a correlation search. | X | X | X | |
write_itsi_correlation_search | Edit a correlation search. | X | X | |||
delete_itsi_correlation_search | Delete a correlation search. | X | X | |||
interact_with_itsi_correlation_search | Drill down and interact with a correlation search. | X | X | |||
Event Management State | read_itsi_event_management_state | Read Episode Review dashboards. | X | X | X | X |
write_itsi_event_management_state | Save an Episode Review dashboard. | X | X | X | X | |
delete_itsi_event_management_state | Delete an Episode Review dashboard. | X | X | X | X | |
interact_with_itsi_event_management_state | Drill down and interact with an Episode Review dashboard. | X | X | X | X | |
Event management | edit_token_http | Run an episode action, and update episode owner, severity, and status. | X | X | X | |
Notable Event | read-notable_event | Read a notable event. | X | X | X | X |
write-notable_event | Modify a notable event on index. Requires delete_by_keyword and edit_token_http capabilities to be enabled. | X | X | X | ||
delete-notable_event | Delete an episode. | X | X | X | ||
Notable Event Aggregation Policy | read_itsi_notable_aggregation_policy | Read a notable event aggregation policy. | X | X | X | |
write_itsi_notable_aggregation_policy | Write a notable event aggregation policy. | X | X | |||
delete_itsi_notable_aggregation_policy | Delete a notable event aggregation policy. | X | X | |||
edit_default_itsi_notable_aggregation_policy | Edit the default notable event aggregation policy. | X | ||||
interact_with_itsi_notable_aggregation_policy | Drill down and interact with notable event aggregation policies. | X | X | |||
Episode actions | read-notable_event_action | Read an episode action. | X | X | X | X |
execute-notable_event_action | Run an episode action, and update episode owner, severity, and status. | X | X | X | ||
Email templates | read_itsi_notable_event_email_template | Read an email template. | X | X | X | |
write_itsi_notable_event_email_template | Edit an email template. | X | X | X | ||
delete_itsi_notable_event_email_template | Delete an email template. | X | X | X | ||
Maintenance services | read-maintenance_calendar | Read a maintenance window. | X | X | X | X |
write-maintenance_calendar | Write a maintenance window. | X | X | |||
delete-maintenance_calendar | Delete a maintenance window. | X | X | |||
delete-module_interface | Delete an ITSI module and KPIs provided by modules. | X | X | |||
CSV Import mod input | edit_modinput_itsi_csv_import | Save the modular input for CSV import. | X | |||
Teams | read_itsi_team | Read objects for a team. | X | X | X | X |
write_itsi_team | Create or update objects for a team. | X | X | |||
delete_itsi_team | Delete objects for a team. | X | X | |||
Bulk import | bulk_import_service_or_entity | Create services or entities using bulk import. | X | X |
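
Because write and delete are separate capabilities and roles can be edited, it helps to check what a custom role ends up holding. The following is an added example, not code from Splunk or from this page: it parses authorize.conf text and lists a role's write/delete-style capabilities, including those inherited through Splunk's `importRoles` setting. The sample configuration, the `ops_dashboards` role and the prefix list are assumptions made for illustration.

```python
import re

# Constructed sample in authorize.conf syntax; "ops_dashboards" is a hypothetical
# custom role. Capability names are taken from the table above.
SAMPLE_CONF = """
[role_itoa_user]
read_itsi_service = enabled
read_itsi_glass_table = enabled
[role_ops_dashboards]
importRoles = itoa_user
srchIndexesAllowed = itsi_summary
write_itsi_glass_table = enabled
delete_itsi_glass_table = enabled
delete_itsi_kpi_base_search = enabled
"""

# Name prefixes treated here as able to change or remove objects (an assumption).
MUTATING = re.compile(r"^(write|delete|edit|execute|configure|create|bulk_import)[_-]")

def parse_roles(text):
    """Return {role: {"caps": set, "imports": list}} for each [role_*] stanza."""
    roles, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            current = None
            if name.startswith("role_"):
                current = roles.setdefault(name[5:], {"caps": set(), "imports": []})
        elif current is not None and "=" in line and not line.startswith("#"):
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "importRoles":
                current["imports"] = [r.strip() for r in value.split(";") if r.strip()]
            elif value == "enabled":  # other settings (quotas, indexes) are skipped
                current["caps"].add(key)
    return roles

def effective_caps(roles, role):
    """Capabilities set on the role plus everything inherited through importRoles."""
    caps, seen, stack = set(), set(), [role]
    while stack:
        name = stack.pop()
        if name in roles and name not in seen:  # 'seen' guards against import cycles
            seen.add(name)
            caps |= roles[name]["caps"]
            stack.extend(roles[name]["imports"])
    return caps

def mutating_caps(roles, role):
    """Effective capabilities whose names mark them as write/delete-style."""
    return sorted(c for c in effective_caps(roles, role) if MUTATING.match(c))
```

Calling `mutating_caps(parse_roles(text), "role_name")` on the merged contents of the default and local authorize.conf files shows which change or delete rights a role carries, so an unexpected delete capability on a dashboard-only role stands out.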
This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.11.0, 4.11.1, 4.11.2, 4.11.3, 4.11.4, 4.11.5, 4.11.6, 4.12.0 Cloud only, 4.12.1 Cloud only, 4.12.2 Cloud only, 4.13.0, 4.13.1, 4.13.2, 4.13.3, 4.14.0 Cloud only, 4.14.1 Cloud only, 4.14.2 Cloud only