APM app central config user | Kibana Guide [7.13]

IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.

› › ›

« APM app annotation user APM app API user »

APM app central config useredit

Central configuration manageredit

Central configuration users need to be able to view, create, update, and delete Agent configurations.

Create a new role, named something like central-config-manager, and assign the following privileges:

Type	Privilege	Purpose
Index	`read` on `apm-*`	Read-only access to `apm-*` data
Index	`view_index_metadata` on `apm-*`	Read-only access to `apm-*` index metadata

Type	Privilege	Purpose
Index	`read` on `apm-agent-configuration`	Read-only access to `apm-agent-configuration` data
Index	`view_index_metadata` on `apm-agent-configuration`	Read-only access to `apm-agent-configuration` index metadata
Index	`read` on `logs-apm*`	Read-only access to `logs-apm*` data
Index	`view_index_metadata` on `logs-apm*`	Read-only access to `logs-apm*` index metadata
Index	`read` on `metrics-apm*`	Read-only access to `metrics-apm*` data
Index	`view_index_metadata` on `metrics-apm*`	Read-only access to `metrics-apm*` index metadata
Index	`read` on `traces-apm*`	Read-only access to `traces-apm*` data
Index	`view_index_metadata` on `traces-apm*`	Read-only access to `traces-apm*` index metadata

Using the APM integration for Elastic Agent? Add the privileges under the Data streams tab.

Assign the central-config-manager role created in the previous step, and the following Kibana space privileges to anyone who needs to manage central configurations:

Type Privilege Purpose

Spaces

All on APM app

Allow full use of the APM app

Type	Privilege	Purpose
Spaces	`All` on APM app	Allow full use of the APM app

Central configuration readeredit

In some instances, you may wish to create a user that can only read central configurations, but not create, update, or delete them.

Create a new role, named something like central-config-reader, and assign the following privileges:

Type	Privilege	Purpose
Index	`read` on `apm-*`	Read-only access to `apm-*` data
Index	`view_index_metadata` on `apm-*`	Read-only access to `apm-*` index metadata

Type	Privilege	Purpose
Index	`read` on `apm-agent-configuration`	Read-only access to `apm-agent-configuration` data
Index	`view_index_metadata` on `apm-agent-configuration`	Read-only access to `apm-agent-configuration` index metadata
Index	`read` on `logs-apm*`	Read-only access to `logs-apm*` data
Index	`view_index_metadata` on `logs-apm*`	Read-only access to `logs-apm*` index metadata
Index	`read` on `metrics-apm*`	Read-only access to `metrics-apm*` data
Index	`view_index_metadata` on `metrics-apm*`	Read-only access to `metrics-apm*` index metadata
Index	`read` on `traces-apm*`	Read-only access to `traces-apm*` data
Index	`view_index_metadata` on `traces-apm*`	Read-only access to `traces-apm*` index metadata

Using the APM integration for Elastic Agent? Add the privileges under the Data streams tab.

Assign the central-config-reader role created in the previous step, and the following Kibana space privileges to anyone who needs to read central configurations:

Type Privilege Purpose

Spaces

read on the APM app

Allow read access to the APM app

Type	Privilege	Purpose
Spaces	`read` on the APM app	Allow read access to the APM app

Central configuration APIedit

See Create an API user.

« APM app annotation user APM app API user »