IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.

« APM app annotation user APM app API user »

› › ›

APM app central config user

edit

IMPORTANT: This documentation is no longer updated. Refer to Elastic's version policy and the latest documentation.

APM app central config user

edit

Central configuration manager

edit

Central configuration users need to be able to view, create, update, and delete Agent configurations.

Create a new role, named something like central-config-manager, and assign the following privileges:

Type	Privilege	Purpose
Index	`read` on `apm-*`	Read-only access to `apm-*` data
Index	`view_index_metadata` on `apm-*`	Read-only access to `apm-*` index metadata

Type	Privilege	Purpose
Index	`read` on `apm-agent-configuration`	Read-only access to `apm-agent-configuration` data
Index	`view_index_metadata` on `apm-agent-configuration`	Read-only access to `apm-agent-configuration` index metadata
Index	`read` on `logs-apm*`	Read-only access to `logs-apm*` data
Index	`view_index_metadata` on `logs-apm*`	Read-only access to `logs-apm*` index metadata
Index	`read` on `metrics-apm*`	Read-only access to `metrics-apm*` data
Index	`view_index_metadata` on `metrics-apm*`	Read-only access to `metrics-apm*` index metadata
Index	`read` on `traces-apm*`	Read-only access to `traces-apm*` data
Index	`view_index_metadata` on `traces-apm*`	Read-only access to `traces-apm*` index metadata

Using the APM integration for Elastic Agent? Add the privileges under the Data streams tab.

Assign the central-config-manager role created in the previous step, and the following Kibana feature privileges to anyone who needs to manage central configurations:

Type Privilege Purpose

Kibana

All on the APM and User Experience feature

Allow full use of the APM and User Experience apps

Type	Privilege	Purpose
Kibana	`All` on the APM and User Experience feature	Allow full use of the APM and User Experience apps

Central configuration reader

edit

In some instances, you may wish to create a user that can only read central configurations, but not create, update, or delete them.

Create a new role, named something like central-config-reader, and assign the following privileges:

Type	Privilege	Purpose
Index	`read` on `apm-*`	Read-only access to `apm-*` data
Index	`view_index_metadata` on `apm-*`	Read-only access to `apm-*` index metadata

Type	Privilege	Purpose
Index	`read` on `apm-agent-configuration`	Read-only access to `apm-agent-configuration` data
Index	`view_index_metadata` on `apm-agent-configuration`	Read-only access to `apm-agent-configuration` index metadata
Index	`read` on `logs-apm*`	Read-only access to `logs-apm*` data
Index	`view_index_metadata` on `logs-apm*`	Read-only access to `logs-apm*` index metadata
Index	`read` on `metrics-apm*`	Read-only access to `metrics-apm*` data
Index	`view_index_metadata` on `metrics-apm*`	Read-only access to `metrics-apm*` index metadata
Index	`read` on `traces-apm*`	Read-only access to `traces-apm*` data
Index	`view_index_metadata` on `traces-apm*`	Read-only access to `traces-apm*` index metadata

Using the APM integration for Elastic Agent? Add the privileges under the Data streams tab.

Assign the central-config-reader role created in the previous step, and the following Kibana feature privileges to anyone who needs to read central configurations:

Type Privilege Purpose

Kibana

read on the APM and User Experience feature

Allow read access to the APM and User Experience apps

Type	Privilege	Purpose
Kibana	`read` on the APM and User Experience feature	Allow read access to the APM and User Experience apps

Central configuration API

edit

See Create an API user.

« APM app annotation user APM app API user »