Grant users access to APM Server indices | APM Server Reference [6.5]

A newer version is available. For the latest information, see the current release documentation.

›

« Configure authentication credentials Configure APM Server to use encrypted connections »

Grant users access to APM Server indicesedit

To enable users to access the indices APM Server creates, grant them read and view_index_metadata privileges on the APM Server indices. If they’re using Kibana, they also need the kibana_user role.

Create a reader role that has the read and view_index_metadata privileges on the APM Server indices.

You can create roles from the Management > Roles UI in Kibana or through the role API. For example, the following request creates a role named apm_reader:
```
POST _xpack/security/role/apm_reader
{
  "indices": [
    {
      "names": [ "apm-*" ], 
      "privileges": ["read","view_index_metadata"]
    }
  ]
}
```
If you use a custom APM Server index pattern, specify that pattern instead of the default apm-* pattern.
Assign your users the reader role so they can access the APM Server indices. For Kibana users who need to visualize the data, also assign the kibana_user role:
1. If you’re using the native realm, you can assign roles with the Management > Users UI in Kibana or through the user API. For example, the following request grants apm_user the apm_reader and kibana_user roles:
```
POST /_xpack/security/user/apm_user
{
  "password" : "YOUR_PASSWORD",
  "roles" : [ "apm_reader","kibana_user"],
  "full_name" : "APM Server User"
}
```
2. If you’re using the LDAP, Active Directory, or PKI realms, you assign the roles in the role_mapping.yml configuration file. For example, the following snippet grants APM Server User the apm_reader and kibana_user roles:
```
apm_reader:
  - "cn=APM Server User,dc=example,dc=com"
kibana_user:
  - "cn=APM Server User,dc=example,dc=com"
```
  For more information, see Using Role Mapping Files.

« Configure authentication credentials Configure APM Server to use encrypted connections »