Splunk® IT Service Intelligence

Administration Manual

Acrobat logo Download manual as PDF


Splunk IT Service Intelligence (ITSI) version 4.11.x will reach its End of Life on December 6, 2023. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see Before you upgrade IT Service Intelligence.
Acrobat logo Download topic as PDF

KV store collection permissions in ITSI

The table shows default permissions to KV store collections for IT Service Intelligence (ITSI) roles. By default, only itoa_admin has read/write/delete access to all ITSI KV store collections. SA-ITOA includes default entries in metadata/default.meta that determine access to KV store collections for ITSI roles.

Collection name itoa_admin itoa_team_admin itoa_analyst itoa_user
itsi_backfill read/write/delete read/write/delete read read
itsi_backup_restore_queue read/write/delete read - -
itsi_base_service_template read/write/delete read read read
itsi_content_pack_status read/write/delete read/write/delete - -
itsi_correlation_search read/write/delete read/write/delete read read
itsi_entity_dashboard_drilldown read/write/delete read/write/delete read read
itsi_entity_data_drilldown read/write/delete read/write/delete read read
itsi_entity_type read/write/delete read/write/delete read read
itsi_entity_filter_rules read/write/delete read/write/delete read read
itsi_entity_relationships read/write/delete read/write/delete read read
itsi_entity_relationship_rules read/write/delete read/write/delete read read
itsi_event_management read/write/delete read/write/delete read/write/delete read/write/delete
itsi_import_objects_cache read/write/delete read/write/delete read read
itsi_import_objects_cache_lookup read/write/delete read/write/delete read read
itsi_migration read/write/delete read/write/delete read read
itsi_notable_event_aggregation_policy read/write/delete read/write/delete read -
itsi_notable_event_email_template read/write/delete read/write/delete read/write/delete -
itsi_notable_event_ref_url read/write/delete read/write/delete read/write/delete read/write/delete
itsi_notable_event_tag read/write/delete read/write/delete read/write/delete read/write/delete
itsi_notable_event_ticketing read/write/delete read/write/delete read/write/delete read/write/delete
itsi_notable_group_user read/write/delete read/write/delete read/write/delete read/write/delete
itsi_notable_group_system read/write/delete read read read
itsi_pages read/write/delete read/write/delete read/write/delete read/write/delete
itsi_refresh_queue read/write/delete read/write/delete read read
itsi_services read/write/delete read/write/delete read read
itsi_service_analyzer read/write/delete read/write/delete read/write/delete read/write/delete
itsi_team read/write/delete read read read
itsi_temp_batch_claimed_action_queue read/write/delete read/write/delete read read
itsi_temporary_storage read/write/delete read/write/delete read read
itsi_user_realnames read/write/delete read/write/delete read read
maintenance_calendar read/write/delete read/write/delete read read
operative_maintenance_log read/write/delete read/write/delete read read
itoa_entity_exchange_entities* - - - -
itoa_entity_exchange_entity_hash* - - - -
itoa_entity_exchange_metadata* - - - -

* These are entity exchange collections which are used for integrating entities from the Splunk App for Infrastructure with ITSI. Only the Splunk admin role has access to these collections.

Note: As of ITSI 4.9.0, the Splunk App for Infrastructure is no longer packaged with ITSI.

Last modified on 28 April, 2023
PREVIOUS
ITSI capabilities reference 		  NEXT
Grant and revoke user permissions in ITSI

This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.11.0, 4.11.1, 4.11.2, 4.11.3, 4.11.4, 4.11.5, 4.11.6, 4.12.0 Cloud only, 4.12.1 Cloud only, 4.12.2 Cloud only, 4.13.0, 4.13.1, 4.13.2, 4.13.3, 4.14.0 Cloud only, 4.14.1 Cloud only, 4.14.2 Cloud only, 4.15.0, 4.15.1, 4.15.2, 4.15.3, 4.16.0 Cloud only, 4.17.0, 4.17.1

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters