APM app central config user
editAPM app central config user
editCentral configuration manager
editCentral configuration users need to be able to view, create, update, and delete Agent configurations.
-
Create a new role, named something like
central-config-manager
, and assign the following privileges:Type Privilege Purpose Index
read
onapm-*
Read-only access to
apm-*
dataIndex
view_index_metadata
onapm-*
Read-only access to
apm-*
index metadataType Privilege Purpose Index
read
onapm-agent-configuration
Read-only access to
apm-agent-configuration
dataIndex
view_index_metadata
onapm-agent-configuration
Read-only access to
apm-agent-configuration
index metadataIndex
read
onlogs-apm*
Read-only access to
logs-apm*
dataIndex
view_index_metadata
onlogs-apm*
Read-only access to
logs-apm*
index metadataIndex
read
onmetrics-apm*
Read-only access to
metrics-apm*
dataIndex
view_index_metadata
onmetrics-apm*
Read-only access to
metrics-apm*
index metadataIndex
read
ontraces-apm*
Read-only access to
traces-apm*
dataIndex
view_index_metadata
ontraces-apm*
Read-only access to
traces-apm*
index metadataUsing the APM integration for Elastic Agent? Add the privileges under the Data streams tab.
-
Assign the
central-config-manager
role created in the previous step, and the following Kibana space privileges to anyone who needs to manage central configurations:Type Privilege Purpose Spaces
All
on APM appAllow full use of the APM app
Central configuration reader
editIn some instances, you may wish to create a user that can only read central configurations, but not create, update, or delete them.
-
Create a new role, named something like
central-config-reader
, and assign the following privileges:Type Privilege Purpose Index
read
onapm-*
Read-only access to
apm-*
dataIndex
view_index_metadata
onapm-*
Read-only access to
apm-*
index metadataType Privilege Purpose Index
read
onapm-agent-configuration
Read-only access to
apm-agent-configuration
dataIndex
view_index_metadata
onapm-agent-configuration
Read-only access to
apm-agent-configuration
index metadataIndex
read
onlogs-apm*
Read-only access to
logs-apm*
dataIndex
view_index_metadata
onlogs-apm*
Read-only access to
logs-apm*
index metadataIndex
read
onmetrics-apm*
Read-only access to
metrics-apm*
dataIndex
view_index_metadata
onmetrics-apm*
Read-only access to
metrics-apm*
index metadataIndex
read
ontraces-apm*
Read-only access to
traces-apm*
dataIndex
view_index_metadata
ontraces-apm*
Read-only access to
traces-apm*
index metadataUsing the APM integration for Elastic Agent? Add the privileges under the Data streams tab.
-
Assign the
central-config-reader
role created in the previous step, and the following Kibana space privileges to anyone who needs to read central configurations:Type Privilege Purpose Spaces
read
on the APM appAllow read access to the APM app
Central configuration API
editSee Create an API user.