IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.

« APM app annotation user APM app storage explorer user »

› › ›

APM app central config user

edit

APM app central config user

edit

Central configuration manager

edit

Central configuration users need to be able to view, create, update, and delete APM agent configurations.

Create a new role, named something like central-config-manager, and assign the following privileges:

Type	Privilege	Purpose
Index	`read` on `apm-agent-configuration`	Read-only access to `apm-agent-configuration` data
Index	`view_index_metadata` on `apm-agent-configuration`	Read-only access to `apm-agent-configuration` index metadata
Index	`read` on `logs-apm*`	Read-only access to `logs-apm*` data
Index	`view_index_metadata` on `logs-apm*`	Read-only access to `logs-apm*` index metadata
Index	`read` on `metrics-apm*`	Read-only access to `metrics-apm*` data
Index	`view_index_metadata` on `metrics-apm*`	Read-only access to `metrics-apm*` index metadata
Index	`read` on `traces-apm*`	Read-only access to `traces-apm*` data
Index	`view_index_metadata` on `traces-apm*`	Read-only access to `traces-apm*` index metadata

Type	Privilege	Purpose
Index	`read` on `apm-*`	Read-only access to `apm-*` data
Index	`view_index_metadata` on `apm-*`	Read-only access to `apm-*` index metadata

Using the deprecated APM Server binaries? Add the privileges under the Classic APM indices tab above.

Assign the central-config-manager role created in the previous step, and the following Kibana feature privileges to anyone who needs to manage central configurations:

Type Privilege Purpose

Kibana

All on the APM and User Experience feature

Allow full use of the APM and User Experience apps

Type	Privilege	Purpose
Kibana	`All` on the APM and User Experience feature	Allow full use of the APM and User Experience apps

Central configuration reader

edit

In some instances, you may wish to create a user that can only read central configurations, but not create, update, or delete them.

Create a new role, named something like central-config-reader, and assign the following privileges:

Type	Privilege	Purpose
Index	`read` on `apm-agent-configuration`	Read-only access to `apm-agent-configuration` data
Index	`view_index_metadata` on `apm-agent-configuration`	Read-only access to `apm-agent-configuration` index metadata
Index	`read` on `logs-apm*`	Read-only access to `logs-apm*` data
Index	`view_index_metadata` on `logs-apm*`	Read-only access to `logs-apm*` index metadata
Index	`read` on `metrics-apm*`	Read-only access to `metrics-apm*` data
Index	`view_index_metadata` on `metrics-apm*`	Read-only access to `metrics-apm*` index metadata
Index	`read` on `traces-apm*`	Read-only access to `traces-apm*` data
Index	`view_index_metadata` on `traces-apm*`	Read-only access to `traces-apm*` index metadata

Type	Privilege	Purpose
Index	`read` on `apm-*`	Read-only access to `apm-*` data
Index	`view_index_metadata` on `apm-*`	Read-only access to `apm-*` index metadata

Using the deprecated APM Server binaries? Add the privileges under the Classic APM indices tab above.

Assign the central-config-reader role created in the previous step, and the following Kibana feature privileges to anyone who needs to read central configurations:

Type Privilege Purpose

Kibana

read on the APM and User Experience feature

Allow read access to the APM and User Experience apps

Type	Privilege	Purpose
Kibana	`read` on the APM and User Experience feature	Allow read access to the APM and User Experience apps

Central configuration API

edit

See Create an API user.

« APM app annotation user APM app storage explorer user »