IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.

« APM app annotation user APM app API user »

› › ›

APM app central config user

edit

APM app central config user

edit

Central configuration manager

edit

Central configuration users need to be able to view, create, update, and delete Agent configurations.

Create a new role, named something like central-config-manager, and assign the following privileges:

Type	Privilege	Purpose
Index	`read` on `apm-*`	Read-only access to `apm-*` data
Index	`view_index_metadata` on `apm-*`	Read-only access to `apm-*` index metadata

Type	Privilege	Purpose
Index	`read` on `apm-agent-configuration`	Read-only access to `apm-agent-configuration` data
Index	`view_index_metadata` on `apm-agent-configuration`	Read-only access to `apm-agent-configuration` index metadata
Index	`read` on `logs-apm*`	Read-only access to `logs-apm*` data
Index	`view_index_metadata` on `logs-apm*`	Read-only access to `logs-apm*` index metadata
Index	`read` on `metrics-apm*`	Read-only access to `metrics-apm*` data
Index	`view_index_metadata` on `metrics-apm*`	Read-only access to `metrics-apm*` index metadata
Index	`read` on `traces-apm*`	Read-only access to `traces-apm*` data
Index	`view_index_metadata` on `traces-apm*`	Read-only access to `traces-apm*` index metadata

Using the APM integration for Elastic Agent? Add the privileges under the Data streams tab.

Assign the central-config-manager role created in the previous step, and the following Kibana space privileges to anyone who needs to manage central configurations:

Type Privilege Purpose

Spaces

All on APM app

Allow full use of the APM app

Type	Privilege	Purpose
Spaces	`All` on APM app	Allow full use of the APM app

Central configuration reader

edit

In some instances, you may wish to create a user that can only read central configurations, but not create, update, or delete them.

Create a new role, named something like central-config-reader, and assign the following privileges:

Type	Privilege	Purpose
Index	`read` on `apm-*`	Read-only access to `apm-*` data
Index	`view_index_metadata` on `apm-*`	Read-only access to `apm-*` index metadata

Type	Privilege	Purpose
Index	`read` on `apm-agent-configuration`	Read-only access to `apm-agent-configuration` data
Index	`view_index_metadata` on `apm-agent-configuration`	Read-only access to `apm-agent-configuration` index metadata
Index	`read` on `logs-apm*`	Read-only access to `logs-apm*` data
Index	`view_index_metadata` on `logs-apm*`	Read-only access to `logs-apm*` index metadata
Index	`read` on `metrics-apm*`	Read-only access to `metrics-apm*` data
Index	`view_index_metadata` on `metrics-apm*`	Read-only access to `metrics-apm*` index metadata
Index	`read` on `traces-apm*`	Read-only access to `traces-apm*` data
Index	`view_index_metadata` on `traces-apm*`	Read-only access to `traces-apm*` index metadata

Using the APM integration for Elastic Agent? Add the privileges under the Data streams tab.

Assign the central-config-reader role created in the previous step, and the following Kibana space privileges to anyone who needs to read central configurations:

Type Privilege Purpose

Spaces

read on the APM app

Allow read access to the APM app

Type	Privilege	Purpose
Spaces	`read` on the APM app	Allow read access to the APM app

Central configuration API

edit

See Create an API user.

« APM app annotation user APM app API user »