
KV store collection permissions in ITSI
The table shows default permissions to KV store collections for IT Service Intelligence (ITSI) roles. By default, only itoa_admin has read/write/delete access to all ITSI KV store collections. SA-ITOA includes default entries in metadata/default.meta
that determine access to KV store collections for ITSI roles.
Collection name | itoa_admin | itoa_team_admin | itoa_analyst | itoa_user |
---|---|---|---|---|
itsi_backfill | read/write/delete | read/write/delete | read | read |
itsi_backup_restore_queue | read/write/delete | read | - | - |
itsi_base_service_template | read/write/delete | read | read | read |
itsi_content_pack_status | read/write/delete | read/write/delete | - | - |
itsi_correlation_search | read/write/delete | read/write/delete | read | read |
itsi_entity_dashboard_drilldown | read/write/delete | read/write/delete | read | read |
itsi_entity_data_drilldown | read/write/delete | read/write/delete | read | read |
itsi_entity_type | read/write/delete | read/write/delete | read | read |
itsi_entity_filter_rules | read/write/delete | read/write/delete | read | read |
itsi_entity_relationships | read/write/delete | read/write/delete | read | read |
itsi_entity_relationship_rules | read/write/delete | read/write/delete | read | read |
itsi_event_management | read/write/delete | read/write/delete | read/write/delete | read/write/delete |
itsi_import_objects_cache | read/write/delete | read/write/delete | read | read |
itsi_import_objects_cache_lookup | read/write/delete | read/write/delete | read | read |
itsi_migration | read/write/delete | read/write/delete | read | read |
itsi_notable_event_aggregation_policy | read/write/delete | read/write/delete | read | - |
itsi_notable_event_email_template | read/write/delete | read/write/delete | read/write/delete | - |
itsi_notable_event_ref_url | read/write/delete | read/write/delete | read/write/delete | read/write/delete |
itsi_notable_event_tag | read/write/delete | read/write/delete | read/write/delete | read/write/delete |
itsi_notable_event_ticketing | read/write/delete | read/write/delete | read/write/delete | read/write/delete |
itsi_notable_group_user | read/write/delete | read/write/delete | read/write/delete | read/write/delete |
itsi_notable_group_system | read/write/delete | read | read | read |
itsi_pages | read/write/delete | read/write/delete | read/write/delete | read/write/delete |
itsi_refresh_queue | read/write/delete | read/write/delete | read | read |
itsi_services | read/write/delete | read/write/delete | read | read |
itsi_service_analyzer | read/write/delete | read/write/delete | read/write/delete | read/write/delete |
itsi_team | read/write/delete | read | read | read |
itsi_temp_batch_claimed_action_queue | read/write/delete | read/write/delete | read | read |
itsi_temporary_storage | read/write/delete | read/write/delete | read | read |
itsi_user_realnames | read/write/delete | read/write/delete | read | read |
maintenance_calendar | read/write/delete | read/write/delete | read | read |
operative_maintenance_log | read/write/delete | read/write/delete | read | read |
itoa_entity_exchange_entities* | - | - | - | - |
itoa_entity_exchange_entity_hash* | - | - | - | - |
itoa_entity_exchange_metadata* | - | - | - | - |
* These are entity exchange collections which are used for integrating entities from the Splunk App for Infrastructure with ITSI. Only the Splunk admin role has access to these collections.
Note: As of ITSI 4.9.0, the Splunk App for Infrastructure is no longer packaged with ITSI.
PREVIOUS ITSI capabilities reference |
NEXT Grant and revoke user permissions in ITSI |
This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.11.0, 4.11.1, 4.11.2, 4.11.3, 4.11.4, 4.11.5, 4.11.6, 4.12.0 Cloud only, 4.12.1 Cloud only, 4.12.2 Cloud only, 4.13.0, 4.13.1, 4.13.2, 4.13.3, 4.14.0 Cloud only, 4.14.1 Cloud only, 4.14.2 Cloud only, 4.15.0, 4.15.1, 4.15.2, 4.15.3, 4.16.0 Cloud only, 4.17.0, 4.17.1
Feedback submitted, thanks!