ITSI capabilities reference
This table lists ITSI capabilities for each default role. When you create a user in ITSI, you assign that user one or more roles. Each role contains a set of capabilities. You can add or edit capabilities for new, existing, and default roles. For example, you might give a role the capability to create a shared glass table or delete a KPI base search. A write capability implies create and update. Delete is its own capability. If you modify the capabilities for custom roles, you also need to assign the role proper view-level access. For instructions, see Assign the role proper view-level access.
Capabilities are subject to change. For the most up-to-date list of capabilities, see $SPLUNK_HOME/etc/apps/SA-ITOA/default/authorize.conf
. For information about the capabilities assigned to ITSI roles, see Restrict access to objects in ITSI. This capability reference only shows capabilities corresponding to each default role. Custom roles can inherit a default role along with that role's capabilities. To learn more about the relationship between default and custom roles, see Custom roles for teams.
A role that has a service capability has analogous capabilities for the KPI and entity type objects.
SA-ITOA Object type | Capability name | Capability description | itoa_user | itoa_analyst | itoa_team_admin | itoa_admin |
---|---|---|---|---|---|---|
RBAC Permissions Configuration |
configure_perms | Configure role based access control on shared service analyzers, deep dives, glass tables, correlation searches, and notable event aggregation policies. | X | X | ||
Service/KPIs/Entity | read_itsi_service | Read service-based information in service analyzers, pull in service-based information on a glass table or deep dive, and list services and entities. | X | X | X | X |
write_itsi_service | Create a service, KPI, and entity, and bulk import entities and services. | X | X | |||
delete_itsi_services | Delete a service, KPI, or entity. | X | X | |||
Service Templates | read_itsi_base_service_template | View a service template. | X | X | X | X |
write_itsi_base_service_template | Create a service template. | X | ||||
delete_itsi_base_service_template | Delete a service template. | X | ||||
Temporary KPIs | read_itsi_temporary_kpi | Read a KPI with time policy. | X | X | X | X |
write_itsi_temporary_kpi | Create a KPI with time policy. | X | X | X | X | |
delete_itsi_temporary_kpi | Delete a KPI with time policy. | X | X | X | X | |
KPI Base Searches | read_itsi_kpi_base_search | Read a KPI base search. | X | X | X | X |
write_itsi_kpi_base_search | Write a KPI base search. | X | X | |||
delete_itsi_kpi_base_search | Delete a KPI base search. | X | X | |||
KPI Threshold Templates | read_itsi_kpi_threshold_template | Read KPI threshold template type objects. | X | X | X | X |
write_itsi_kpi_threshold_template | Write a custom KPI threshold template. | X | X | |||
delete_itsi_kpi_threshold_template | Delete a KPI threshold template. | X | X | |||
create_external_ticket | Create a ticket in a third-party ticketing system. | X | X | |||
Backup/Restore | read_itsi_backup_restore | Read backup/restore page. | X | |||
write_itsi_backup_restore | Create a backup/restore job. | X | ||||
delete_itsi_backup_restore | Delete a backup/restore job. | X | ||||
Glass Table | read_itsi_glass_table | View shared glass tables. | X | X | X | X |
write_itsi_glass_table | Create and edit a shared glass table. Does not include the ability to drill down in view mode. | X | X | X | ||
delete_itsi_glass_table | Delete a shared glass table. | X | X | X | ||
interact_with_itsi_glass_table | Drill down and interact with glass tables. | X | X | X | X | |
Deep Dive | read_itsi_deep_dive | View a shared deep dive. | X | X | X | X |
write_itsi_deep_dive | Create a shared deep dive. | X | X | X | ||
delete_itsi_deep_dive | Delete a shared deep dive. | X | X | X | ||
interact_with_itsi_deep_dives | Drill down and interact with deep dives. | X | X | X | X | |
read_itsi_deep_dive_context | Drill down to an automatically-generated deep dive object. | X | X | X | X | |
write_itsi_deep_dive_context | Drill down to an automatically-generated deep dive object for the first time. | X | X | X | X | |
delete_itsi_deep_dive_context | Delete an automatically-generated deep dive object. | X | X | X | X | |
interact_with_itsi_deep_dives_context | Drill down and interact in deep dives context. | X | X | X | X | |
Service Analyzer | read_itsi_homeview | Read service analyzers. | X | X | X | X |
write_itsi_homeview | Create or edit a service analyzer. | X | X | X | X | |
delete_itsi_homeview | Delete a service analyzer. | X | X | X | X | |
interact_with_itsi_homeview | Drill down and interact with a service analyzer. | X | X | X | X | |
Correlation Search | read_itsi_correlation_search | Read a correlation search. | X | X | X | |
write_itsi_correlation_search | Edit a correlation search. | X | X | |||
delete_itsi_correlation_search | Delete a correlation search. | X | X | |||
interact_with_itsi_correlation_search | Drill down and interact with a correlation search. | X | X | |||
Event Management State | read_itsi_event_management_state | Read Episode Review dashboards. | X | X | X | X |
write_itsi_event_management_state | Save an Episode Review dashboard. | X | X | X | X | |
delete_itsi_event_management_state | Delete an Episode Review dashboard. | X | X | X | X | |
interact_with_itsi_event_management_state | Drill down and interact with an Episode Review dashboard. | X | X | X | X | |
Event management | edit_token_http | Run an episode action, and update episode owner, severity, and status. | X | X | X | |
Notable Event | read-notable_event | Read a notable event. | X | X | X | X |
write-notable_event | Modify a notable event on index. Requires delete_by_keyword and edit_token_http capabilities to be enabled. | X | X | X | ||
delete-notable_event | Delete an episode. | X | X | X | ||
Notable Event Aggregation Policy |
read_itsi_notable_aggregation_policy | Read a notable event aggregation policy. | X | X | X | |
write_itsi_notable_aggregation_policy | Write a notable event aggregation policy. | X | X | |||
delete_itsi_notable_aggregation_policy | Delete a notable event aggregation policy. | X | X | |||
edit_default_itsi_notable_aggregation_policy | Edit the default notable event aggregation policy. | X | ||||
interact_with_itsi_notable_aggregation_policy | Drill down and interact with notable event aggregation policies. | X | X | |||
Episode actions | read-notable_event_action | Read an episode action. | X | X | X | X |
execute-notable_event_action | Run an episode action, and update episode owner, severity, and status. | X | X | X | ||
Email templates | read_itsi_notable_event_email_template | Read an email template. | X | X | X | |
write_itsi_notable_event_email_template | Edit an email template. | X | X | X | ||
delete_itsi_notable_event_email_template | Delete an email template. | X | X | X | ||
Maintenance services | read-maintenance_calendar | Read a maintenance window. | X | X | X | X |
write-maintenance_calendar | Write a maintenance window. | X | X | |||
delete-maintenance_calendar | Delete a maintenance window. | X | X | |||
delete-module_interface | Delete an ITSI module and KPIs provided by modules. | X | X | |||
CSV Import mod input | edit_modinput_itsi_csv_import | Save the modular input for CSV import. | X | |||
Teams | read_itsi_team | Read objects for a team. | X | X | X | X |
write_itsi_team | Create or update objects for a team. | X | ||||
delete_itsi_team | Delete objects for a team. | X | ||||
Bulk import | bulk_import_service_or_entity | Create services or entities using bulk import. | X | X |
Create a custom role in ITSI | KV store collection permissions in ITSI |
This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.15.0, 4.15.1, 4.15.2, 4.15.3, 4.16.0 Cloud only, 4.17.0, 4.17.1, 4.18.0, 4.18.1
Feedback submitted, thanks!