Grant users access to APM Server indicesedit
To enable users to access the indices APM Server creates, grant them read
and view_index_metadata
privileges on the APM Server indices. If they’re
using Kibana, they also need the kibana_user
role.
X-Pack security provides a built-in role called apm_user
that you can explicitly assign to users.
This role grants them the necessary read
and view_index_metadata
privileges on the APM Server indices.
-
Assign your users the
apm_user
role so they can access the APM Server indices. For Kibana users who need to visualize the data, also assign thekibana_user
role:-
If you’re using the
native
realm, you can assign roles with the Management > Users UI in Kibana or through theuser
API. For example, the following request grantsapm_account
theapm_user
andkibana_user
roles:POST /_security/user/apm_account { "password" : "YOUR_PASSWORD", "roles" : [ "apm_user","kibana_user"], "full_name" : "APM Server account" }
-
If you’re using the LDAP, Active Directory, or PKI realms, you assign the roles in the
role_mapping.yml
configuration file. For example, the following snippet grantsapm_account
theapm_user
andkibana_user
roles:apm_user: - "cn=apm_account,dc=example,dc=com" kibana_user: - "cn=apm_account,dc=example,dc=com"
For more information, see Using Role Mapping Files.
-