annalearning.blogg.se - Splunk itsi maintenance rest api

#Splunk itsi maintenance rest api update#
#Splunk itsi maintenance rest api full#
#Splunk itsi maintenance rest api plus#

Open or create a copy of nf in $SPLUNK_HOME/etc/apps/itsi/local/ directory.

You can enable or disable object capabilities for ITSI roles in nf. The following table lists the capabilities and ITSI roles that have these capabilities:Įnable or disable ITSI capabilities for a role Some ITSI roles inherit capabilities that are typically only available to Splunk administration roles. The list_storage_passwords capability does not provide access to individual user credentials. Ensure that you provide access only to users with proper security credentials to view stored passwords for other applications. Note that this capability enables users to view stored passwords for other applications, which is typically an admin-level capability. To execute actions as part of the ITSI ServiceNow or Remedy integrations, all roles that are not admin roles require access to the list_storage_passwords and the edit_token_http capability. If you have the itoa_admin or itoa_team_admin role, or the capabilities of these roles, you need write access to the Global team to write and delete global objects such as service templates, entities, KPI templates, base searches, and threshold templates. Users assigned to the itoa_user role can create and manage private service analyzers, glass tables, and deep dives. ITSI role capabilities apply only to shared objects. Do not assign these roles to users separately. *The user_ad_user and metric_ad_admin roles are inherited by ITSI roles for the purposes of using anomaly detection in ITSI. Itoa_admin, itoa_analyst, itoa_user, user, power

edit the default notable event aggregation policy.

perform bulk import of entities and services via CSV/search.

#Splunk itsi maintenance rest api plus#

Itoa_team_admin, user, power, metric_ad_admin*Īll capabilities of itoa_team_admin plus the following: read/write/delete notable event aggregation policies.read/write/delete KPI threshold templates.read/write/delete services, KPIs, and entities.Itoa_analyst, user, power, metric_ad_admin*Īll capabilities of itoa_analyst plus the following: read notable event aggregation policies.read/write/delete saved service analyzers.read/write/delete notable event management stateĪll capabilities of itoa_user plus the following:.read/write/delete deep dives context (drilldown from Service Analyzer or notable events).read the default Service Analyzer (homeview).read glass tables and write their own private glass tables.

#Splunk itsi maintenance rest api full#

For a full list of ITSI capabilities and the functions they provide, see ITSI capabilities reference. ITSI roles inherit from lesser ITSI roles and thus inherit the capabilities of the lesser roles. The following table summarizes ITSI roles, inheritance, and capabilities.

See Create custom roles for teams for information. If your organization is planning to use teams to manage service-level permissions, you need to create custom roles that inherit from the provided ITSI roles. Splunk Cloud Platform administrators with the role sc_admin need to request Splunk support to assign users to the ITSI roles. The role to which you assign a user depends on the specific tasks the user performs inside of ITSI, and level of security access that a user requires. Splunk Enterprise administrators can assign users to these roles to grant an appropriate level of access to specific ITSI functions. Note that users with the Splunk admin role also have the itoa_admin role. This role is required to assign access to objects such as glass tables to other ITSI roles. Admins create teams for team administrators to administer as well as create objects in the Global team. This role can also create and manage notable event aggregation policies.Īssign this role to ITSI administrators.

#Splunk itsi maintenance rest api update#

Team admins can create and administer services, and update objects for ITSI teams to which they are assigned read/write access. Splunk IT Service Intelligence provides four special roles with predefined capabilities:Īssign this role to users who need basic read access to ITSI.Īssign this role to knowledge managers in your organization who will create glass tables, deep dives, and service analyzers and work with episodes in Episode Review.Ĭreate team admin roles that inherit from this role. For more information about users, see About user authentication in the Securing Splunk Enterprise manual. The admin user is necessary for many IT Service Intelligence features, such as notable event grouping in Episode Review. Never delete the default admin user from your Splunk instance. The Splunk platform authorization allows you to add users, assign users to roles, and assign those roles custom capabilities to provide granular, role-based access control for your organization. Splunk IT Service Intelligence (ITSI) uses the access control system integrated with the Splunk platform.