Related Answers
Download topic as PDF
KV store collection permissions in ITSI
This table shows default permissions to KV store collections for ITSI roles. By default, only the itoa_admin role has read/write/delete permissions to all ITSI KV store collections.
The SA-ITOA file includes default entries in metadata/default.meta that determine access to KV store collections for ITSI roles. If you're creating a custom role, you must assign the role KV store collection level access using this file. For more information, see Create a custom role in ITSI in this manual.
| Collection name | itoa_admin | itoa_team_admin | itoa_analyst | itoa_user |
|---|---|---|---|---|
| itsi_backfill | read/write/delete | read/write/delete | read | read |
| itsi_backup_restore_queue | read/write/delete | read | - | - |
| itsi_base_service_template | read/write/delete | read | read | read |
| itsi_correlation_search | read/write/delete | read/write/delete | read | read |
| itsi_entity_relationships | read/write/delete | read/write/delete | read | read |
| itsi_entity_relationship_rules | read/write/delete | read/write/delete | read | read |
| itsi_event_management | read/write/delete | read/write/delete | read/write/delete | read/write/delete |
| itsi_migration | read/write/delete | read/write/delete | read | read |
| itsi_notable_event_aggregation_policy | read/write/delete | read/write/delete | read | - |
| itsi_notable_event_comment | read/write/delete | read/write/delete | read/write/delete | read/write/delete |
| itsi_notable_event_tag | read/write/delete | read/write/delete | read/write/delete | read/write/delete |
| itsi_notable_event_ticketing | read/write/delete | read/write/delete | read/write/delete | read/write/delete |
| itsi_notable_group_user | read/write/delete | read/write/delete | read/write/delete | read/write/delete |
| itsi_notable_group_system | read/write/delete | read | read | read |
| itsi_pages | read/write/delete | read/write/delete | read/write/delete | read/write/delete |
| itsi_refresh_queue | read/write/delete | read/write/delete | read | read |
| itsi_services | read/write/delete | read/write/delete | read | read |
| itsi_service_analyzer | read/write/delete | read/write/delete | read/write/delete | read/write/delete |
| itsi_team | read/write/delete | read | read | read |
| itsi_temp_batch_claimed_action_queue | read/write/delete | read/write/delete | read | read |
| itsi_temporary_storage | read/write/delete | read/write/delete | read | read |
| itsi_user_realnames | read/write/delete | read/write/delete | read | read |
| maintenance_calendar | read/write/delete | read/write/delete | read | read |
| operative_maintenance_log | read/write/delete | read/write/delete | read | read |
| itoa_entity_exchange_entities* | - | - | - | - |
| itoa_entity_exchange_entity_hash* | - | - | - | - |
| itoa_entity_exchange_metadata* | - | - | - | - |
* These collections are entity exchange collections that are used for integrating entities from the Splunk App for Infrastructure with ITSI. Only the Splunk admin role has access to these collections.
|
PREVIOUS ITSI capabilities reference |
NEXT Restrict access to objects in ITSI |
This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.2.0, 4.2.1, 4.2.2, 4.2.3
Feedback submitted, thanks!