APM app central config user

edit

Central configuration manager

edit

Central configuration users need to be able to view, create, update, and delete Agent configurations.

  1. Create a new role, named something like central-config-manager, and assign the following privileges:

    Type Privilege Purpose

    Index

    read on apm-*

    Read-only access to apm-* data

    Index

    view_index_metadata on apm-*

    Read-only access to apm-* index metadata

    Using the APM integration for Elastic Agent? Add the privileges under the Data streams tab.

  2. Assign the central-config-manager role created in the previous step, and the following Kibana feature privileges to anyone who needs to manage central configurations:

    Type Privilege Purpose

    Kibana

    All on the APM and User Experience feature

    Allow full use of the APM and User Experience apps

Central configuration reader

edit

In some instances, you may wish to create a user that can only read central configurations, but not create, update, or delete them.

  1. Create a new role, named something like central-config-reader, and assign the following privileges:

    Type Privilege Purpose

    Index

    read on apm-*

    Read-only access to apm-* data

    Index

    view_index_metadata on apm-*

    Read-only access to apm-* index metadata

    Using the APM integration for Elastic Agent? Add the privileges under the Data streams tab.

  2. Assign the central-config-reader role created in the previous step, and the following Kibana feature privileges to anyone who needs to read central configurations:

    Type Privilege Purpose

    Kibana

    read on the APM and User Experience feature

    Allow read access to the APM and User Experience apps

Central configuration API

edit

See Create an API user.