A newer version is available. For the latest information, see the current release documentation.
« Configure authentication credentials Configure APM Server to use encrypted connections »
Elastic Docs Securing APM Server Configure APM Server to use X-Pack security

Grant users access to APM Server indices

edit
IMPORTANT: This documentation is no longer updated. Refer to Elastic's version policy and the latest documentation.

Grant users access to APM Server indices

edit

To enable users to access the indices APM Server creates, grant them read and view_index_metadata privileges on the APM Server indices. If they’re using Kibana, they also need the kibana_user role.

X-Pack security provides a built-in role called apm_user that you can explicitly assign to users. This role grants them the necessary read and view_index_metadata privileges on the APM Server indices.

  1. Assign your users the apm_user role so they can access the APM Server indices. For Kibana users who need to visualize the data, also assign the kibana_user role:

    1. If you’re using the native realm, you can assign roles with the Management > Users UI in Kibana or through the user API. For example, the following request grants apm_account the apm_user and kibana_user roles:

      POST /_security/user/apm_account
{
  "password" : "YOUR_PASSWORD",
  "roles" : [ "apm_user","kibana_user"],
  "full_name" : "APM Server account"
}

    2. If you’re using the LDAP, Active Directory, or PKI realms, you assign the roles in the role_mapping.yml configuration file. For example, the following snippet grants apm_account the apm_user and kibana_user roles:

      apm_user:
  - "cn=apm_account,dc=example,dc=com"
kibana_user:
  - "cn=apm_account,dc=example,dc=com"

      For more information, see Using Role Mapping Files.

« Configure authentication credentials Configure APM Server to use encrypted connections »