APM app central config user

edit

Central configuration manager

edit

Central configuration users need to be able to view, create, update, and delete Agent configurations.

  1. Create a new role, named something like central-config-manager, and assign the following privileges:

    Type Privilege Purpose

    Index

    read on apm-*

    Read-only access to apm-* data

    Index

    view_index_metadata on apm-*

    Read-only access to apm-* index metadata

    Using the APM integration for Elastic Agent? Add the privileges under the Data streams tab.

  2. Assign the central-config-manager role created in the previous step, and the following Kibana space privileges to anyone who needs to manage central configurations:

    Type Privilege Purpose

    Spaces

    All on APM app

    Allow full use of the APM app

Central configuration reader

edit

In some instances, you may wish to create a user that can only read central configurations, but not create, update, or delete them.

  1. Create a new role, named something like central-config-reader, and assign the following privileges:

    Type Privilege Purpose

    Index

    read on apm-*

    Read-only access to apm-* data

    Index

    view_index_metadata on apm-*

    Read-only access to apm-* index metadata

    Using the APM integration for Elastic Agent? Add the privileges under the Data streams tab.

  2. Assign the central-config-reader role created in the previous step, and the following Kibana space privileges to anyone who needs to read central configurations:

    Type Privilege Purpose

    Spaces

    read on the APM app

    Allow read access to the APM app

Central configuration API

edit

See Create an API user.