Applications UI central config user

Central configuration manager ¶

Central configuration users need to be able to view, create, update, and delete APM agent configurations.

Create a new role, named something like central-config-manager, and assign the following privileges: <div class="tabs" data-tab-group="central-config-manager">
<div role="tablist" aria-label="Central config manager">
<button role="tab"
aria-selected="true"
aria-controls="data-streams-tab"
id="data-streams">
Data streams
</button>
<button role="tab"
aria-selected="false"
aria-controls="classic-indices-tab"
id="classic-indices"
tabindex="-1">
Classic APM indices
</button>
</div>
<div tabindex="0"
role="tabpanel"
id="data-streams-tab"
aria-labelledby="data-streams">
| Type | Privilege | Purpose |
| --- | --- | --- |
| Index | read on apm-agent-configuration | Read-only access to apm-agent-configuration data |
| Index | view_index_metadata on apm-agent-configuration | Read-only access to apm-agent-configuration index metadata |
| Index | read on logs-apm* | Read-only access to logs-apm* data |
| Index | view_index_metadata on logs-apm* | Read-only access to logs-apm* index metadata |
| Index | read on metrics-apm* | Read-only access to metrics-apm* data |
| Index | view_index_metadata on metrics-apm* | Read-only access to metrics-apm* index metadata |
| Index | read on traces-apm* | Read-only access to traces-apm* data |
| Index | view_index_metadata on traces-apm* | Read-only access to traces-apm* index metadata | </div>
<div tabindex="0"
role="tabpanel"
id="classic-indices-tab"
aria-labelledby="classic-indices"
hidden="">
| Type | Privilege | Purpose |
| --- | --- | --- |
| Index | read on apm-* | Read-only access to apm-* data |
| Index | view_index_metadata on apm-* | Read-only access to apm-* index metadata | </div>
</div>
::::{tip}
Using the deprecated APM Server binaries? Add the privileges under the Classic APM indices tab above.
::::
Assign the central-config-manager role created in the previous step, and the following Kibana feature privileges to anyone who needs to manage central configurations:

Type Privilege Purpose

Kibana All on the APM and User Experience feature Allow full use of the Applications and User Experience UIs

	Type	Privilege	Purpose
	Kibana	`All` on the APM and User Experience feature	Allow full use of the Applications and User Experience UIs

Central configuration reader ¶

In some instances, you may wish to create a user that can only read central configurations, but not create, update, or delete them.

Create a new role, named something like central-config-reader, and assign the following privileges: <div class="tabs" data-tab-group="central-config-manager">
<div role="tablist" aria-label="Central config manager">
<button role="tab"
aria-selected="true"
aria-controls="data-streams-tab"
id="data-streams">
Data streams
</button>
<button role="tab"
aria-selected="false"
aria-controls="classic-indices-tab"
id="classic-indices"
tabindex="-1">
Classic APM indices
</button>
</div>
<div tabindex="0"
role="tabpanel"
id="data-streams-tab"
aria-labelledby="data-streams">
| Type | Privilege | Purpose |
| --- | --- | --- |
| Index | read on apm-agent-configuration | Read-only access to apm-agent-configuration data |
| Index | view_index_metadata on apm-agent-configuration | Read-only access to apm-agent-configuration index metadata |
| Index | read on logs-apm* | Read-only access to logs-apm* data |
| Index | view_index_metadata on logs-apm* | Read-only access to logs-apm* index metadata |
| Index | read on metrics-apm* | Read-only access to metrics-apm* data |
| Index | view_index_metadata on metrics-apm* | Read-only access to metrics-apm* index metadata |
| Index | read on traces-apm* | Read-only access to traces-apm* data |
| Index | view_index_metadata on traces-apm* | Read-only access to traces-apm* index metadata | </div>
<div tabindex="0"
role="tabpanel"
id="classic-indices-tab"
aria-labelledby="classic-indices"
hidden="">
| Type | Privilege | Purpose |
| --- | --- | --- |
| Index | read on apm-* | Read-only access to apm-* data |
| Index | view_index_metadata on apm-* | Read-only access to apm-* index metadata | </div>
</div>
::::{tip}
Using the deprecated APM Server binaries? Add the privileges under the Classic APM indices tab above.
::::
Assign the central-config-reader role created in the previous step, and the following Kibana feature privileges to anyone who needs to read central configurations:

Type Privilege Purpose

Kibana read on the APM and User Experience feature Allow read access to the Applications and User Experience UIs

	Type	Privilege	Purpose
	Kibana	`read` on the APM and User Experience feature	Allow read access to the Applications and User Experience UIs

Central configuration API ¶

See Create an API user.