Splunk® IT Service Intelligence

Install and Upgrade Splunk IT Service Intelligence

Download manual as PDF

This documentation does not apply to the most recent version of ITSI. Click here for the latest version.
Download topic as PDF

KV store collection permissions in ITSI

This table shows default permissions to KV store collections for ITSI roles. By default, only the itoa_admin role has read/write/delete permissions to all ITSI KV store collections.

The SA-ITOA file includes default entries in metadata/default.meta that determine access to KV store collections for ITSI roles. If you're creating a custom role, you must assign the role KV store collection level access using this file. For more information, see Create a custom role in ITSI in this manual.

Collection name itoa_admin itoa_team_admin itoa_analyst itoa_user
itsi_backfill read/write/delete read/write/delete read read
itsi_backup_restore_queue read/write/delete read - -
itsi_base_service_template read/write/delete read read read
itsi_correlation_search read/write/delete read/write/delete read read
itsi_entity_relationships read/write/delete read/write/delete read read
itsi_entity_relationship_rules read/write/delete read/write/delete read read
itsi_event_management read/write/delete read/write/delete read/write/delete read/write/delete
itsi_migration read/write/delete read/write/delete read read
itsi_notable_event_aggregation_policy read/write/delete read/write/delete read -
itsi_notable_event_comment read/write/delete read/write/delete read/write/delete read/write/delete
itsi_notable_event_tag read/write/delete read/write/delete read/write/delete read/write/delete
itsi_notable_event_ticketing read/write/delete read/write/delete read/write/delete read/write/delete
itsi_notable_group_user read/write/delete read/write/delete read/write/delete read/write/delete
itsi_notable_group_system read/write/delete read read read
itsi_pages read/write/delete read/write/delete read/write/delete read/write/delete
itsi_refresh_queue read/write/delete read/write/delete read read
itsi_services read/write/delete read/write/delete read read
itsi_service_analyzer read/write/delete read/write/delete read/write/delete read/write/delete
itsi_team read/write/delete read read read
itsi_temp_batch_claimed_action_queue read/write/delete read/write/delete read read
itsi_temporary_storage read/write/delete read/write/delete read read
itsi_user_realnames read/write/delete read/write/delete read read
maintenance_calendar read/write/delete read/write/delete read read
operative_maintenance_log read/write/delete read/write/delete read read
itoa_entity_exchange_entities* - - - -
itoa_entity_exchange_entity_hash* - - - -
itoa_entity_exchange_metadata* - - - -

* These collections are entity exchange collections that are used for integrating entities from the Splunk App for Infrastructure with ITSI. Only the Splunk admin role has access to these collections.

PREVIOUS
ITSI capabilities reference
  NEXT
Restrict access to objects in ITSI

This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.2.0, 4.2.1, 4.2.2, 4.2.3


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters