##### ITOA authorize.conf #####

## ITSI Capabilities

#####################
# Permission to Configure Role Based Access Controls
#####################

[capability::configure_perms]

#####################
# Glass Tables
#####################

[capability::read_itsi_glass_table]
disabled = 0

[capability::write_itsi_glass_table]
disabled = 0

[capability::delete_itsi_glass_table]
disabled = 0

[capability::interact_with_itsi_glass_table]
disabled = 0

#####################
# Refresh Queue Job
#####################

[capability::read_itsi_refresh_queue_job]
disabled = 0

[capability::write_itsi_refresh_queue_job]
disabled = 0

[capability::delete_itsi_refresh_queue_job]
disabled = 0

#####################
# Deep Dives
#####################

[capability::read_itsi_deep_dive]
disabled = 0

[capability::write_itsi_deep_dive]
disabled = 0

[capability::delete_itsi_deep_dive]
disabled = 0

[capability::interact_with_itsi_deep_dive]
disabled = 0

[capability::read_itsi_deep_dive_context]
disabled = 0

[capability::write_itsi_deep_dive_context]
disabled = 0

[capability::delete_itsi_deep_dive_context]
disabled = 0

[capability::interact_with_itsi_deep_dive_context]
disabled = 0

#####################
# Service/KPIs/Entity -- service capability applies to entity and to KPIs
#####################

[capability::read_itsi_service]
disabled = 0

[capability::write_itsi_service]
disabled = 0

[capability::delete_itsi_service]
disabled = 0

[capability::bulk_import_service_or_entity]
disabled = 0

#############################
# Drift detection templates #
#############################
[capability::write_itsi_drift_detection_template]
disabled = 0

[capability::read_itsi_drift_detection_template]
disabled = 0

[capability::delete_itsi_drift_detection_template]
disabled = 0

#####################
# Teams
#####################

[capability::read_itsi_team]
disabled = 0

[capability::write_itsi_team]
disabled = 0

[capability::delete_itsi_team]
disabled = 0

#####################
# Service Templates
#####################

[capability::read_itsi_base_service_template]
disabled = 0

[capability::write_itsi_base_service_template]
disabled = 0

[capability::delete_itsi_base_service_template]
disabled = 0

#####################
# Service Analyzer
#####################

[capability::read_itsi_homeview]
disabled = 0

[capability::write_itsi_homeview]
disabled = 0

[capability::delete_itsi_homeview]
disabled = 0

[capability::interact_with_itsi_homeview]
disabled = 0

#####################
# Event Management State
#####################

[capability::read_itsi_event_management_state]
disabled = 0

[capability::write_itsi_event_management_state]
disabled = 0

[capability::delete_itsi_event_management_state]
disabled = 0

[capability::interact_with_itsi_event_management_state]
disabled = 0

#####################
# Email Templates
#####################

[capability::read_itsi_notable_event_email_template]
disabled = 0

[capability::write_itsi_notable_event_email_template]
disabled = 0

[capability::delete_itsi_notable_event_email_template]
disabled = 0

#####################
# KPI Threshold Templates
#####################

[capability::read_itsi_kpi_threshold_template]
disabled = 0

[capability::write_itsi_kpi_threshold_template]
disabled = 0

[capability::delete_itsi_kpi_threshold_template]
disabled = 0

#####################
# KPI Base Search
#####################

[capability::read_itsi_kpi_base_search]
disabled = 0

[capability::write_itsi_kpi_base_search]
disabled = 0

[capability::delete_itsi_kpi_base_search]
disabled = 0

#####################
# KPI Temporary
#####################

[capability::read_itsi_temporary_kpi]
disabled = 0

[capability::write_itsi_temporary_kpi]
disabled = 0

[capability::delete_itsi_temporary_kpi]
disabled = 0

#####################
# KPI State cache
#####################

[capability::read_itsi_kpi_state_cache]
disabled = 0

[capability::write_itsi_kpi_state_cache]
disabled = 0

[capability::delete_itsi_kpi_state_cache]
disabled = 0

#####################
# Backup/Restore
#####################

[capability::read_itsi_backup_restore]
disabled = 0

[capability::write_itsi_backup_restore]
disabled = 0

[capability::delete_itsi_backup_restore]
disabled = 0

#####################
# KPI AT Info
#####################

[capability::read_itsi_kpi_at_info]
disabled = 0

[capability::write_itsi_kpi_at_info]
disabled = 0

[capability::delete_itsi_kpi_at_info]
disabled = 0

#####################
# Correlation Search Capabilities
#####################

[capability::read_itsi_correlation_search]
disabled = 0

[capability::write_itsi_correlation_search]
disabled = 0

[capability::delete_itsi_correlation_search]
disabled = 0

[capability::interact_with_itsi_correlation_search]
disabled = 0

#####################
# Notable Event Capabilities
#####################

[capability::read_itsi_notable_aggregation_policy]
disabled = 0

[capability::write_itsi_notable_aggregation_policy]
disabled = 0

[capability::delete_itsi_notable_aggregation_policy]
disabled = 0

[capability::interact_with_itsi_notable_aggregation_policy]
disabled = 0

[capability::edit_default_itsi_notable_aggregation_policy]
disabled = 0

# Deprecated, use read_notable_event instead
[capability::read-notable_event]
disabled = 0

[capability::read_notable_event]
disabled = 0

# Deprecated, use write_notable_event instead
[capability::write-notable_event]
disabled = 0

[capability::write_notable_event]
disabled = 0

# Deprecated, use delete_notable_event instead
[capability::delete-notable_event]
disabled = 0

[capability::delete_notable_event]
disabled = 0

# Deprecated, use read_notable_event_action instead
[capability::read-notable_event_action]
disabled = 0

[capability::read_notable_event_action]
disabled = 0

# Deprecated, use execute_notable_event_action instead
[capability::execute-notable_event_action]
disabled = 0

[capability::execute_notable_event_action]
disabled = 0

#####################
# Maintenance services capabilities
#####################

# Deprecated, use read_maintenance_calendar instead
[capability::read-maintenance_calendar]
disabled = 0

[capability::read_maintenance_calendar]
disabled = 0

# Deprecated, use write_maintenance_calendar instead
[capability::write-maintenance_calendar]
disabled = 0

[capability::write_maintenance_calendar]
disabled = 0

# Deprecated, use delete_maintenance_calendar instead
[capability::delete-maintenance_calendar]
disabled = 0

[capability::delete_maintenance_calendar]
disabled = 0

#####################
# ITSI Module Interface
#####################

# Deprecated, use read_module_interface instead
[capability::read-module_interface]
disabled = 0

[capability::read_module_interface]
disabled = 0

# Deprecated, use write_module_interface instead
[capability::write-module_interface]
disabled = 0

[capability::write_module_interface]
disabled = 0

# Deprecated, use delete_module_interface instead
[capability::delete-module_interface]
disabled = 0

[capability::delete_module_interface]
disabled = 0

# CSV import modular input capability
# This is a workaround to fix the issue SPL-136249, where user with
# sc_admin role (without admin_all_objects capability) cannot save modular
# input for CSV import from the bulk import UI.

[capability::edit_modinput_itsi_csv_import]
disabled = 0


#####################
# ITSI Feature Flagging
#####################

[capability::edit_modinput_itsi_suite_enforcer]

#####################
# ITSI Entity Management Policies
#####################

[capability::read_itsi_entity_management_policies]
disabled = 0

[capability::write_itsi_entity_management_policies]
disabled = 0

[capability::delete_itsi_entity_management_policies]
disabled = 0

#####################
# ITSI Content Pack Authorship
#####################

[capability::read_itsi_content_pack_authorship]
disabled = 0

[capability::write_itsi_content_pack_authorship]
disabled = 0

[capability::delete_itsi_content_pack_authorship]
disabled = 0

#####################
# ITSI Entity Discovery Searches
#####################

[capability::read_itsi_entity_discovery_searches]
disabled = 0

[capability::write_itsi_entity_discovery_searches]
disabled = 0

#####################
# ITSI Saved Searches
#####################

# Increase the default quota from 50 to 100 for role_splunk-system-role
# This is a workaround to fix the issue ITSI-12865, where user was getting
# unnecessary skipped searches.

[role_splunk-system-role]
cumulativeSrchJobsQuota = 100
srchJobsQuota = 100
disabled = 0

#####################
# Custom Threshold Windows
#####################

[capability::read_itsi_custom_threshold_windows]
disabled = 0

[capability::write_itsi_custom_threshold_windows]
disabled = 0

[capability::delete_itsi_custom_threshold_windows]
disabled = 0

##########################################
# Upgrade Readiness Prechecks
##########################################

[capability::read_itsi_upgrade_readiness_prechecks]
disabled = 0

[capability::write_itsi_upgrade_readiness_prechecks]
disabled = 0

[capability::delete_itsi_upgrade_readiness_prechecks]
disabled = 0

#####################
# Sandbox
#####################

[capability::read_itsi_sandbox]
disabled = 0

[capability::write_itsi_sandbox]
disabled = 0

[capability::delete_itsi_sandbox]
disabled = 0

#####################
# Sandbox Service
#####################

[capability::read_itsi_sandbox_service]
disabled = 0

[capability::write_itsi_sandbox_service]
disabled = 0

[capability::delete_itsi_sandbox_service]
disabled = 0

#####################
# Sandbox Sync log
#####################

[capability::read_itsi_sandbox_sync_log]
disabled = 0

[capability::write_itsi_sandbox_sync_log]
disabled = 0

[capability::delete_itsi_sandbox_sync_log]
disabled = 0

#####################
# Admin Console
#####################

[capability::read_itsi_admin_console]
disabled = 0

[capability::write_itsi_admin_console]
disabled = 0

#####################
# KPI Entity Threshold
#####################

[capability::read_itsi_kpi_entity_threshold]
disabled = 0

[capability::write_itsi_kpi_entity_threshold]
disabled = 0

[capability::delete_itsi_kpi_entity_threshold]

# Data Integration
#####################

[capability::read_itsi_data_integration]
disabled = 0

[capability::write_itsi_data_integration]
disabled = 0

[capability::delete_itsi_data_integration]
disabled = 0

[capability::read_itsi_event_management_export]
disabled = 0

[capability::write_itsi_event_management_export]
disabled = 0

[capability::delete_itsi_event_management_export]
disabled = 0