Splunk® IT Service Intelligence

Install and Upgrade Splunk IT Service Intelligence

Download manual as PDF

Download topic as PDF

ITSI capabilities reference

This table lists the capabilities that you can add to any role. When you create a user in ITSI, you assign that user to one role. Each role contains a set of capabilities. You can add or edit capabilities for new, existing, and default roles. For example, you might give a role the capability to create a shared glass table or delete a KPI base search. A write capability implies create and update. Delete is its own capability.

Capabilities are subject to change. For the most up-to-date list of capabilities, see $SPLUNK_HOME/etc/apps/SA-ITOA/default/authorize.conf. For information about the capabilities assigned to ITSI roles, see Restrict access to objects in ITSI.

A role that has a service capability has analogous capabilities for the KPI and entity type objects.

SA-ITOA Object type Capability name Capability description
RBAC Permissions Configuration configure_perms Ability to configure role based access control on shared service analyzers, deep dives, glass tables, correlation searches, and notable event aggregation policies.
Service/KPIs/Entity read_itsi_service
  • Ability to read service-based information in service analyzers.
  • Ability to pull in service based information on a glass table or deep dive.
  • Listing of services and entities in their lister pages.
  • Ability to create a service.
  • Ability to create a KPI.
  • Ability to create an entity.
  • Ability to bulk import entities/services through CSV file or search and set dependencies.
delete_itsi_services Ability to delete a service, KPI, or entity.
Service Templates read_itsi_base_service_template Ability to view a service template.
write_itsi_base_service_template Ability to create a service template.
delete_itsi_base_service_template Ability to delete a service template.
KPIs Temporary (KPIs with time policies enabled) read_itsi_temporary_kpi Ability to read a KPI with time policy.
write_itsi_temporary_kpi Ability to create a KPI with time policy.
delete_itsi_temporary_kpi Ability to delete a KPI with time policy.
KPI Base Searches read_itsi_kpi_base_search Ability to read a KPI base search.
write_itsi_kpi_base_search Ability to write a KPI base search.
delete_itsi_kpi_base_search Ability to delete a KPI base search.
KPI Threshold Templates read_itsi_kpi_threshold_template Ability to read KPI threshold template type objects.
write_itsi_kpi_threshold_template Ability to write a custom KPI threshold template.
delete_itsi_kpi_threshold_template Ability to delete a KPI threshold template.
Backup/Restore read_itsi_backup_restore Ability to read backup/restore page.
write_itsi_backup_restore Ability to create a backup/restore job.
delete_itsi_backup_restore Ability to delete a backup/restore job.
Glass Table read_itsi_glass_table Ability to view shared glass tables.
write_itsi_glass_table Ability to create a shared glass table.
delete_itsi_glass_table Ability to delete a shared glass table.
interact_with_itsi_glass_table Ability to drill down and interact with glass tables.
Deep Dive read_itsi_deep_dive Ability to view a shared deep dive.
  • Ability to create a shared deep dive.
  • Ability to create a shared deep dive as a clone from a private deep dive.
delete_itsi_deep_dive Ability to delete a shared deep dive.
interact_with_itsi_deep_dives Ability to drill down and interact with deep dives.
read_itsi_deep_dive_context Ability to drill down to an automatically generated (unnamed) deep dive object.
write_itsi_deep_dive_context Ability to drill down to an automatically generated (unnamed) deep dive object for the first time.
delete_itsi_deep_dive_context Ability to delete an automatically generated (unnamed) deep dive object.
interact_with_itsi_deep_dives_context Ability to drill down and interact in deep dives context.
Service Analyzer read_itsi_homeview Ability to read service analyzers. Triggered on opening the Service Analyzer or the ITSI app.
write_itsi_homeview Ability to create or edit a service analyzer. Triggered on opening the Service Analyzer or the ITSI app for the first time.
delete_itsi_homeview Ability to delete a service analyzer. Never triggered.
interact_with_itsi_homeview Ability to drill down and interact with a service analyzer.
Correlation Search read_itsi_correlation_search Ability to read a correlation search.
write_itsi_correlation_search Ability to edit a correlation search.
delete_itsi_correlation_search Ability to delete a correlation search.
interact_with_itsi_correlation_search Ability to interact with a correlation search.
Event Management State read_itsi_event_management_state Ability to read Episode Review dashboards.
write_itsi_event_management_state Ability to save an Episode Review dashboard.
delete_itsi_event_management_state Ability to delete an Episode Review dashboard.
Notable Event read-notable_event Ability to read a notable event.
write-notable_event Ability to modify a notable event on index. Requires delete_by_keyword and edit_token_http capabilities to be enabled.
delete-notable_event Ability to delete an episode.
Notable Event Aggregation Policy read_itsi_notable_event_aggregation_policy Ability to read a notable event aggregation policy.
write_itsi_notable_event_aggregation_policy Ability to write a notable event aggregation policy.
delete_itsi_notable_event_aggregation_policy Ability to delete a notable event aggregation policy.
edit_default_itsi_notable_aggregation_policy Ability to edit the default notable event aggregation policy.
interact_with_itsi_notable_aggregation_policy Ability to interact with notable event aggregation policies.
Episode actions read-notable_event_action Ability to read an episode action.
execute-notable_event_action Ability to run an episode action.
Maintenance services read-maintenance_calendar Ability to read a maintenance window.
write-maintenance_calendar Ability to write a maintenance window.
delete-maintenance_calendar Ability to delete a maintenance window.
ITSI Module interface read-module_interface Ability to view the modules on the ITSI Modules lister page and read KPIs provided by modules when creating services.
write-module_interface Ability to create an ITSI module and edit KPIs provided by modules.
delete-module_interface Ability to delete an ITSI module and delete KPIs provided by modules.
CSV Import mod input edit_modinput_itsi_csv_import Ability to save the modular input for CSV import.
Teams read_itsi_team Ability to read the objects in a team.
write_itsi_team Ability to create or update the objects in a team.
delete_itsi_team Ability to delete the objects in a team.
Bulk import bulk_import_service_or_entity Ability to create services or entities using bulk import.

See also

Create a custom role in ITSI
KV store collection permissions in ITSI

This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.3.0, 4.3.1, 4.4.0, 4.4.1, 4.4.2

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters