This is a cache of https://www.elastic.co/guide/en/observability/8.19/apm-app-central-config-user.html. It is a snapshot of the page as it appeared on 2025-11-26T03:21:03.191+0000.
Applications UI central config user | Elastic Observability [8.19] | Elastic
« Applications UI API user Applications UI storage explorer user »
Elastic Docs Elastic Observability [8.19] Application and service monitoring Application performance monitoring (APM) Use APM securely Secure access to the Applications UI

Applications UI central config user

edit
IMPORTANT: This documentation is no longer updated. Refer to Elastic's version policy and the latest documentation.
Applications UI central config user
edit
Central configuration manageredit

Central configuration users need to be able to view, create, update, and delete APM agent configurations.

  1. Create a new role, named something like central-config-manager, and assign the following privileges:

    Type Privilege Purpose

    Index

    read on apm-agent-configuration

    Read-only access to apm-agent-configuration data

    Index

    view_index_metadata on apm-agent-configuration

    Read-only access to apm-agent-configuration index metadata

    Index

    read on logs-apm*

    Read-only access to logs-apm* data

    Index

    view_index_metadata on logs-apm*

    Read-only access to logs-apm* index metadata

    Index

    read on metrics-apm*

    Read-only access to metrics-apm* data

    Index

    view_index_metadata on metrics-apm*

    Read-only access to metrics-apm* index metadata

    Index

    read on traces-apm*

    Read-only access to traces-apm* data

    Index

    view_index_metadata on traces-apm*

    Read-only access to traces-apm* index metadata

    Using the deprecated APM Server binaries? Add the privileges under the Classic APM indices tab above.

  2. Assign the central-config-manager role created in the previous step, and the following Kibana feature privileges to anyone who needs to manage central configurations:

    Type Privilege Purpose

    Kibana

    All on the APM and User Experience feature

    Allow full use of the Applications and User Experience UIs
Central configuration readeredit

In some instances, you may wish to create a user that can only read central configurations, but not create, update, or delete them.

  1. Create a new role, named something like central-config-reader, and assign the following privileges:

    Type Privilege Purpose

    Index

    read on apm-agent-configuration

    Read-only access to apm-agent-configuration data

    Index

    view_index_metadata on apm-agent-configuration

    Read-only access to apm-agent-configuration index metadata

    Index

    read on logs-apm*

    Read-only access to logs-apm* data

    Index

    view_index_metadata on logs-apm*

    Read-only access to logs-apm* index metadata

    Index

    read on metrics-apm*

    Read-only access to metrics-apm* data

    Index

    view_index_metadata on metrics-apm*

    Read-only access to metrics-apm* index metadata

    Index

    read on traces-apm*

    Read-only access to traces-apm* data

    Index

    view_index_metadata on traces-apm*

    Read-only access to traces-apm* index metadata

    Using the deprecated APM Server binaries? Add the privileges under the Classic APM indices tab above.

  2. Assign the central-config-reader role created in the previous step, and the following Kibana feature privileges to anyone who needs to read central configurations:

    Type Privilege Purpose

    Kibana

    read on the APM and User Experience feature

    Allow read access to the Applications and User Experience UIs
Central configuration APIedit

See Create an API user.

« Applications UI API user Applications UI storage explorer user »