Anomaly Detection & Ops • Room 2

ITSI Access Control

ITSI integrates with Splunk's RBAC system. Key roles include itoa_admin (full access), itoa_team_admin (team management), and itoa_user (read-only analyst).

ITSI Teams group users and the services they manage. The networking team only sees network services; the database team only sees database services. This implements least-privilege access control.

NOC operators should get itoa_user (read-only). They need to see Glass Tables but should never edit service configurations.

Knowledge Check

Prove your understanding to clear the room (Rewards XP)

Drag items to their correct zone (or tap item then tap zone on mobile)

itoa_admin — Full ITSI configuration and management

itoa_team_admin — Manage team services and settings

itoa_user — Read-only, view Glass Tables and dashboards

Full Access

Team Management

Read-Only