Setup role

Administrators who set up Synthetics typically need to enable Monitor Management.

Monitor Management will be enabled automatically when a user with the required permissions loads the Synthetics UI. This must be completed just once by an admin before any users with the Writer role can create synthetic monitors. This applies to monitors created via both projects and the UI.

As a best practice, grant the setup role to administrators only, and use a more restrictive role for event publishing.

Create a setup role, called something like synthetics_setup:

Start with the editor built-in role. This role grants full access to all features in Kibana (including the Observability solution) and read-only access to data indices. ::::{note}
The editor built-in role will grant write access to all Kibana apps. If you want to limit write access to the Synthetics app only, refer to Limited write access. If you choose this approach, you will still need to grant the privileges in the next step. ::::

Grant the role additional privileges that are required to enable Monitor Management:

Grant all of the following privileges:

Type	Privilege	Purpose
Cluster	`monitor`	Allows the user to retrieve cluster details.
Cluster	`manage_ilm`	Allows the user access to all index lifecycle management operations related to managing policies.
Cluster	`read_pipeline`	Gives the user read-only access to the ingest pipline.
Index	`synthetics-*`: `view_index_metadata`	Gives the user read-only access to index and data stream metadata.
Index	`synthetics-*`: `create_doc`	Allows the user to index documents.
Index	`synthetics-*`: `auto_configure`	Permits auto-creation of indices and data streams.
Index	`synthetics-*`: `monitor`	Gives access to all actions that are required for monitoring (recovery, segments info, index stats, and status).

Note

If users with the setup role also need to create, modify, and delete monitors, add the privileges defined in the writer role.