This documentation does not apply to the most recent version of Splunk® IT Service Intelligence.
For documentation on the most recent version, go to the latest release.
KV store collection permissions in ITSI
The table shows default permissions to KV store collections for IT Service Intelligence (ITSI) roles. By default, only itoa_admin has read/write/delete access to all ITSI KV store collections. SA-ITOA includes default entries in metadata/default.meta that determine access to KV store collections for ITSI roles.
| Collection name | itoa_admin | itoa_team_admin | itoa_analyst | itoa_user |
|---|---|---|---|---|
| itsi_backfill | read/write/delete | read/write/delete | read | read |
| itsi_backup_restore_queue | read/write/delete | read | - | - |
| itsi_base_service_template | read/write/delete | read | read | read |
| itsi_content_pack_status | read/write/delete | read/write/delete | - | - |
| itsi_correlation_search | read/write/delete | read/write/delete | read | read |
| itsi_entity_dashboard_drilldown | read/write/delete | read/write/delete | read | read |
| itsi_entity_data_drilldown | read/write/delete | read/write/delete | read | read |
| itsi_entity_type | read/write/delete | read/write/delete | read | read |
| itsi_entity_filter_rules | read/write/delete | read/write/delete | read | read |
| itsi_entity_relationships | read/write/delete | read/write/delete | read | read |
| itsi_entity_relationship_rules | read/write/delete | read/write/delete | read | read |
| itsi_event_management | read/write/delete | read/write/delete | read/write/delete | read/write/delete |
| itsi_import_objects_cache | read/write/delete | read/write/delete | read | read |
| itsi_import_objects_cache_lookup | read/write/delete | read/write/delete | read | read |
| itsi_migration | read/write/delete | read/write/delete | read | read |
| itsi_notable_event_aggregation_policy | read/write/delete | read/write/delete | read | - |
| itsi_notable_event_email_template | read/write/delete | read/write/delete | read/write/delete | - |
| itsi_notable_event_ref_url | read/write/delete | read/write/delete | read/write/delete | read/write/delete |
| itsi_notable_event_tag | read/write/delete | read/write/delete | read/write/delete | read/write/delete |
| itsi_notable_event_ticketing | read/write/delete | read/write/delete | read/write/delete | read/write/delete |
| itsi_notable_group_user | read/write/delete | read/write/delete | read/write/delete | read/write/delete |
| itsi_notable_group_system | read/write/delete | read | read | read |
| itsi_pages | read/write/delete | read/write/delete | read/write/delete | read/write/delete |
| itsi_refresh_queue | read/write/delete | read/write/delete | read | read |
| itsi_services | read/write/delete | read/write/delete | read | read |
| itsi_service_analyzer | read/write/delete | read/write/delete | read/write/delete | read/write/delete |
| itsi_team | read/write/delete | read | read | read |
| itsi_temp_batch_claimed_action_queue | read/write/delete | read/write/delete | read | read |
| itsi_temporary_storage | read/write/delete | read/write/delete | read | read |
| itsi_user_realnames | read/write/delete | read/write/delete | read | read |
| maintenance_calendar | read/write/delete | read/write/delete | read | read |
| operative_maintenance_log | read/write/delete | read/write/delete | read | read |
Last modified on 22 April, 2024
| ITSI capabilities reference | Grant and revoke user permissions in ITSI |
This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.11.0, 4.11.1, 4.11.2, 4.11.3, 4.11.4, 4.11.5, 4.11.6, 4.12.0 Cloud only, 4.12.1 Cloud only, 4.12.2 Cloud only, 4.13.0, 4.13.1, 4.13.2, 4.13.3, 4.14.0 Cloud only, 4.14.1 Cloud only, 4.14.2 Cloud only, 4.15.0, 4.15.1, 4.15.2, 4.15.3, 4.16.0 Cloud only, 4.17.0, 4.17.1, 4.18.0, 4.18.1
Download manual
Feedback submitted, thanks!