You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
568 lines
11 KiB
568 lines
11 KiB
##### ITOA authorize.conf #####
|
|
|
|
## ITSI Capabilities
|
|
|
|
#####################
|
|
# Permission to Configure Role Based Access Controls
|
|
#####################
|
|
|
|
[capability::configure_perms]
|
|
|
|
#####################
|
|
# Glass Tables
|
|
#####################
|
|
|
|
[capability::read_itsi_glass_table]
|
|
disabled = 0
|
|
|
|
[capability::write_itsi_glass_table]
|
|
disabled = 0
|
|
|
|
[capability::delete_itsi_glass_table]
|
|
disabled = 0
|
|
|
|
[capability::interact_with_itsi_glass_table]
|
|
disabled = 0
|
|
|
|
#####################
|
|
# Refresh Queue Job
|
|
#####################
|
|
|
|
[capability::read_itsi_refresh_queue_job]
|
|
disabled = 0
|
|
|
|
[capability::write_itsi_refresh_queue_job]
|
|
disabled = 0
|
|
|
|
[capability::delete_itsi_refresh_queue_job]
|
|
disabled = 0
|
|
|
|
#####################
|
|
# Deep Dives
|
|
#####################
|
|
|
|
[capability::read_itsi_deep_dive]
|
|
disabled = 0
|
|
|
|
[capability::write_itsi_deep_dive]
|
|
disabled = 0
|
|
|
|
[capability::delete_itsi_deep_dive]
|
|
disabled = 0
|
|
|
|
[capability::interact_with_itsi_deep_dive]
|
|
disabled = 0
|
|
|
|
[capability::read_itsi_deep_dive_context]
|
|
disabled = 0
|
|
|
|
[capability::write_itsi_deep_dive_context]
|
|
disabled = 0
|
|
|
|
[capability::delete_itsi_deep_dive_context]
|
|
disabled = 0
|
|
|
|
[capability::interact_with_itsi_deep_dive_context]
|
|
disabled = 0
|
|
|
|
#####################
|
|
# Service/KPIs/Entity -- service capability applies to entity and to KPIs
|
|
#####################
|
|
|
|
[capability::read_itsi_service]
|
|
disabled = 0
|
|
|
|
[capability::write_itsi_service]
|
|
disabled = 0
|
|
|
|
[capability::delete_itsi_service]
|
|
disabled = 0
|
|
|
|
[capability::bulk_import_service_or_entity]
|
|
disabled = 0
|
|
|
|
#############################
|
|
# Drift detection templates #
|
|
#############################
|
|
[capability::write_itsi_drift_detection_template]
|
|
disabled = 0
|
|
|
|
[capability::read_itsi_drift_detection_template]
|
|
disabled = 0
|
|
|
|
[capability::delete_itsi_drift_detection_template]
|
|
disabled = 0
|
|
|
|
#####################
|
|
# Teams
|
|
#####################
|
|
|
|
[capability::read_itsi_team]
|
|
disabled = 0
|
|
|
|
[capability::write_itsi_team]
|
|
disabled = 0
|
|
|
|
[capability::delete_itsi_team]
|
|
disabled = 0
|
|
|
|
#####################
|
|
# Service Templates
|
|
#####################
|
|
|
|
[capability::read_itsi_base_service_template]
|
|
disabled = 0
|
|
|
|
[capability::write_itsi_base_service_template]
|
|
disabled = 0
|
|
|
|
[capability::delete_itsi_base_service_template]
|
|
disabled = 0
|
|
|
|
#####################
|
|
# Service Analyzer
|
|
#####################
|
|
|
|
[capability::read_itsi_homeview]
|
|
disabled = 0
|
|
|
|
[capability::write_itsi_homeview]
|
|
disabled = 0
|
|
|
|
[capability::delete_itsi_homeview]
|
|
disabled = 0
|
|
|
|
[capability::interact_with_itsi_homeview]
|
|
disabled = 0
|
|
|
|
#####################
|
|
# Event Management State
|
|
#####################
|
|
|
|
[capability::read_itsi_event_management_state]
|
|
disabled = 0
|
|
|
|
[capability::write_itsi_event_management_state]
|
|
disabled = 0
|
|
|
|
[capability::delete_itsi_event_management_state]
|
|
disabled = 0
|
|
|
|
[capability::interact_with_itsi_event_management_state]
|
|
disabled = 0
|
|
|
|
#####################
|
|
# Email Templates
|
|
#####################
|
|
|
|
[capability::read_itsi_notable_event_email_template]
|
|
disabled = 0
|
|
|
|
[capability::write_itsi_notable_event_email_template]
|
|
disabled = 0
|
|
|
|
[capability::delete_itsi_notable_event_email_template]
|
|
disabled = 0
|
|
|
|
#####################
|
|
# KPI Threshold Templates
|
|
#####################
|
|
|
|
[capability::read_itsi_kpi_threshold_template]
|
|
disabled = 0
|
|
|
|
[capability::write_itsi_kpi_threshold_template]
|
|
disabled = 0
|
|
|
|
[capability::delete_itsi_kpi_threshold_template]
|
|
disabled = 0
|
|
|
|
#####################
|
|
# KPI Base Search
|
|
#####################
|
|
|
|
[capability::read_itsi_kpi_base_search]
|
|
disabled = 0
|
|
|
|
[capability::write_itsi_kpi_base_search]
|
|
disabled = 0
|
|
|
|
[capability::delete_itsi_kpi_base_search]
|
|
disabled = 0
|
|
|
|
#####################
|
|
# KPI Temporary
|
|
#####################
|
|
|
|
[capability::read_itsi_temporary_kpi]
|
|
disabled = 0
|
|
|
|
[capability::write_itsi_temporary_kpi]
|
|
disabled = 0
|
|
|
|
[capability::delete_itsi_temporary_kpi]
|
|
disabled = 0
|
|
|
|
#####################
|
|
# KPI State cache
|
|
#####################
|
|
|
|
[capability::read_itsi_kpi_state_cache]
|
|
disabled = 0
|
|
|
|
[capability::write_itsi_kpi_state_cache]
|
|
disabled = 0
|
|
|
|
[capability::delete_itsi_kpi_state_cache]
|
|
disabled = 0
|
|
|
|
#####################
|
|
# Backup/Restore
|
|
#####################
|
|
|
|
[capability::read_itsi_backup_restore]
|
|
disabled = 0
|
|
|
|
[capability::write_itsi_backup_restore]
|
|
disabled = 0
|
|
|
|
[capability::delete_itsi_backup_restore]
|
|
disabled = 0
|
|
|
|
#####################
|
|
# KPI AT Info
|
|
#####################
|
|
|
|
[capability::read_itsi_kpi_at_info]
|
|
disabled = 0
|
|
|
|
[capability::write_itsi_kpi_at_info]
|
|
disabled = 0
|
|
|
|
[capability::delete_itsi_kpi_at_info]
|
|
disabled = 0
|
|
|
|
#####################
|
|
# AT Incremental Learning
|
|
#####################
|
|
|
|
[capability::read_itsi_at_incremental_values]
|
|
disabled = 0
|
|
|
|
[capability::write_itsi_at_incremental_values]
|
|
disabled = 0
|
|
|
|
[capability::delete_itsi_at_incremental_values]
|
|
disabled = 0
|
|
|
|
#####################
|
|
# Correlation Search Capabilities
|
|
#####################
|
|
|
|
[capability::read_itsi_correlation_search]
|
|
disabled = 0
|
|
|
|
[capability::write_itsi_correlation_search]
|
|
disabled = 0
|
|
|
|
[capability::delete_itsi_correlation_search]
|
|
disabled = 0
|
|
|
|
[capability::interact_with_itsi_correlation_search]
|
|
disabled = 0
|
|
|
|
#####################
|
|
# Notable Event Capabilities
|
|
#####################
|
|
|
|
[capability::read_itsi_notable_aggregation_policy]
|
|
disabled = 0
|
|
|
|
[capability::write_itsi_notable_aggregation_policy]
|
|
disabled = 0
|
|
|
|
[capability::delete_itsi_notable_aggregation_policy]
|
|
disabled = 0
|
|
|
|
[capability::interact_with_itsi_notable_aggregation_policy]
|
|
disabled = 0
|
|
|
|
[capability::edit_default_itsi_notable_aggregation_policy]
|
|
disabled = 0
|
|
|
|
# Deprecated, use read_notable_event instead
|
|
[capability::read-notable_event]
|
|
disabled = 0
|
|
|
|
[capability::read_notable_event]
|
|
disabled = 0
|
|
|
|
# Deprecated, use write_notable_event instead
|
|
[capability::write-notable_event]
|
|
disabled = 0
|
|
|
|
[capability::write_notable_event]
|
|
disabled = 0
|
|
|
|
# Deprecated, use delete_notable_event instead
|
|
[capability::delete-notable_event]
|
|
disabled = 0
|
|
|
|
[capability::delete_notable_event]
|
|
disabled = 0
|
|
|
|
# Deprecated, use read_notable_event_action instead
|
|
[capability::read-notable_event_action]
|
|
disabled = 0
|
|
|
|
[capability::read_notable_event_action]
|
|
disabled = 0
|
|
|
|
# Deprecated, use execute_notable_event_action instead
|
|
[capability::execute-notable_event_action]
|
|
disabled = 0
|
|
|
|
[capability::execute_notable_event_action]
|
|
disabled = 0
|
|
|
|
#####################
|
|
# Maintenance services capabilities
|
|
#####################
|
|
|
|
# Deprecated, use read_maintenance_calendar instead
|
|
[capability::read-maintenance_calendar]
|
|
disabled = 0
|
|
|
|
[capability::read_maintenance_calendar]
|
|
disabled = 0
|
|
|
|
# Deprecated, use write_maintenance_calendar instead
|
|
[capability::write-maintenance_calendar]
|
|
disabled = 0
|
|
|
|
[capability::write_maintenance_calendar]
|
|
disabled = 0
|
|
|
|
# Deprecated, use delete_maintenance_calendar instead
|
|
[capability::delete-maintenance_calendar]
|
|
disabled = 0
|
|
|
|
[capability::delete_maintenance_calendar]
|
|
disabled = 0
|
|
|
|
#####################
|
|
# ITSI Module Interface
|
|
#####################
|
|
|
|
# Deprecated, use read_module_interface instead
|
|
[capability::read-module_interface]
|
|
disabled = 0
|
|
|
|
[capability::read_module_interface]
|
|
disabled = 0
|
|
|
|
# Deprecated, use write_module_interface instead
|
|
[capability::write-module_interface]
|
|
disabled = 0
|
|
|
|
[capability::write_module_interface]
|
|
disabled = 0
|
|
|
|
# Deprecated, use delete_module_interface instead
|
|
[capability::delete-module_interface]
|
|
disabled = 0
|
|
|
|
[capability::delete_module_interface]
|
|
disabled = 0
|
|
|
|
# CSV import modular input capability
|
|
# This is a workaround to fix the issue SPL-136249, where user with
|
|
# sc_admin role (without admin_all_objects capability) cannot save modular
|
|
# input for CSV import from the bulk import UI.
|
|
|
|
[capability::edit_modinput_itsi_csv_import]
|
|
disabled = 0
|
|
|
|
|
|
#####################
|
|
# ITSI Feature Flagging
|
|
#####################
|
|
|
|
[capability::edit_modinput_itsi_suite_enforcer]
|
|
|
|
#####################
|
|
# ITSI Entity Management Policies
|
|
#####################
|
|
|
|
[capability::read_itsi_entity_management_policies]
|
|
disabled = 0
|
|
|
|
[capability::write_itsi_entity_management_policies]
|
|
disabled = 0
|
|
|
|
[capability::delete_itsi_entity_management_policies]
|
|
disabled = 0
|
|
|
|
#####################
|
|
# ITSI Content Pack Authorship
|
|
#####################
|
|
|
|
[capability::read_itsi_content_pack_authorship]
|
|
disabled = 0
|
|
|
|
[capability::write_itsi_content_pack_authorship]
|
|
disabled = 0
|
|
|
|
[capability::delete_itsi_content_pack_authorship]
|
|
disabled = 0
|
|
|
|
#####################
|
|
# ITSI Duplicate Entities Management
|
|
#####################
|
|
[capability::read_itsi_duplicate_entities_management]
|
|
disabled = 0
|
|
|
|
[capability::write_itsi_duplicate_entities_management]
|
|
disabled = 0
|
|
|
|
[capability::delete_itsi_duplicate_entities_management]
|
|
disabled = 0
|
|
|
|
|
|
#####################
|
|
# ITSI Entity Discovery Searches
|
|
#####################
|
|
|
|
[capability::read_itsi_entity_discovery_searches]
|
|
disabled = 0
|
|
|
|
[capability::write_itsi_entity_discovery_searches]
|
|
disabled = 0
|
|
|
|
#####################
|
|
# ITSI Saved Searches
|
|
#####################
|
|
|
|
# Increase the default quota from 50 to 100 for role_splunk-system-role
|
|
# This is a workaround to fix the issue ITSI-12865, where user was getting
|
|
# unnecessary skipped searches.
|
|
|
|
[role_splunk-system-role]
|
|
cumulativeSrchJobsQuota = 100
|
|
srchJobsQuota = 100
|
|
disabled = 0
|
|
|
|
#####################
|
|
# Custom Threshold Windows
|
|
#####################
|
|
|
|
[capability::read_itsi_custom_threshold_windows]
|
|
disabled = 0
|
|
|
|
[capability::write_itsi_custom_threshold_windows]
|
|
disabled = 0
|
|
|
|
[capability::delete_itsi_custom_threshold_windows]
|
|
disabled = 0
|
|
|
|
##########################################
|
|
# Upgrade Readiness Prechecks
|
|
##########################################
|
|
|
|
[capability::read_itsi_upgrade_readiness_prechecks]
|
|
disabled = 0
|
|
|
|
[capability::write_itsi_upgrade_readiness_prechecks]
|
|
disabled = 0
|
|
|
|
[capability::delete_itsi_upgrade_readiness_prechecks]
|
|
disabled = 0
|
|
|
|
#####################
|
|
# Sandbox
|
|
#####################
|
|
|
|
[capability::read_itsi_sandbox]
|
|
disabled = 0
|
|
|
|
[capability::write_itsi_sandbox]
|
|
disabled = 0
|
|
|
|
[capability::delete_itsi_sandbox]
|
|
disabled = 0
|
|
|
|
#####################
|
|
# Sandbox Service
|
|
#####################
|
|
|
|
[capability::read_itsi_sandbox_service]
|
|
disabled = 0
|
|
|
|
[capability::write_itsi_sandbox_service]
|
|
disabled = 0
|
|
|
|
[capability::delete_itsi_sandbox_service]
|
|
disabled = 0
|
|
|
|
#####################
|
|
# Sandbox Sync log
|
|
#####################
|
|
|
|
[capability::read_itsi_sandbox_sync_log]
|
|
disabled = 0
|
|
|
|
[capability::write_itsi_sandbox_sync_log]
|
|
disabled = 0
|
|
|
|
[capability::delete_itsi_sandbox_sync_log]
|
|
disabled = 0
|
|
|
|
#####################
|
|
# Admin Console
|
|
#####################
|
|
|
|
[capability::read_itsi_admin_console]
|
|
disabled = 0
|
|
|
|
[capability::write_itsi_admin_console]
|
|
disabled = 0
|
|
|
|
#####################
|
|
# KPI Entity Threshold
|
|
#####################
|
|
|
|
[capability::read_itsi_kpi_entity_threshold]
|
|
disabled = 0
|
|
|
|
[capability::write_itsi_kpi_entity_threshold]
|
|
disabled = 0
|
|
|
|
[capability::delete_itsi_kpi_entity_threshold]
|
|
|
|
# Data Integration
|
|
#####################
|
|
|
|
[capability::read_itsi_data_integration]
|
|
disabled = 0
|
|
|
|
[capability::write_itsi_data_integration]
|
|
disabled = 0
|
|
|
|
[capability::delete_itsi_data_integration]
|
|
disabled = 0
|
|
|
|
[capability::read_itsi_event_management_export]
|
|
disabled = 0
|
|
|
|
[capability::write_itsi_event_management_export]
|
|
disabled = 0
|
|
|
|
[capability::delete_itsi_event_management_export]
|
|
disabled = 0
|
|
|
|
[capability::read_itsi_event_management_rules_properties]
|
|
disabled = 0
|
|
|
|
[capability::write_itsi_event_management_rules_properties]
|
|
disabled = 0
|