Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[APM] docs: add annotation user privileges #70265

Merged
merged 1 commit into from
Jul 6, 2020
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions docs/apm/api.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -355,6 +355,7 @@ allowing you to easily see how these events are impacting the performance of you

By default, annotations are stored in a newly created `observability-annotations` index.
The name of this index can be changed in your `config.yml` by editing `xpack.observability.annotations.index`.
If you change the default index name, you'll also need to <<apm-app-annotation-user-create,update your user privileges>> accordingly.

The following APIs are available:

Expand Down
50 changes: 49 additions & 1 deletion docs/apm/apm-app-users.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@

:beat_default_index_prefix: apm
:beat_kib_app: APM app
:annotation_index: `observability-annotations`
:annotation_index: observability-annotations

++++
<titleabbrev>Users and privileges</titleabbrev>
Expand Down Expand Up @@ -102,6 +102,54 @@ Here are two examples:
*********************************** ***********************************
////

[role="xpack"]
[[apm-app-annotation-user-create]]
=== APM app annotation user

++++
<titleabbrev>Create an annotation user</titleabbrev>
++++

NOTE: By default, the `apm_user` built-in role provides access to Observability annotations.
You only need to create an annotation user if the default annotation index
defined in <<apm-settings-kb,`xpack.observability.annotations.index`>> has been customized.

[[apm-app-annotation-user]]
==== Annotation user

View deployment annotations in the APM app.

. Create a new role, named something like `annotation_user`,
and assign the following privileges:
+
[options="header"]
|====
|Type | Privilege | Purpose

|Index
|`read` on +\{ANNOTATION_INDEX\}+^1^
|Read-only access to the observability annotation index

|Index
|`view_index_metadata` on +\{ANNOTATION_INDEX\}+^1^
|Read-only access to observability annotation index metadata
|====
+
^1^ +\{ANNOTATION_INDEX\}+ should be the index name you've defined in
<<apm-settings-kb,`xpack.observability.annotations.index`>>.

. Assign the `annotation_user` created previously, and the built-in roles necessary to create
a <<apm-app-reader-full,full>> or <<apm-app-reader-partial,partial>> APM reader to any users that need to view annotations in the APM app

[[apm-app-annotation-api]]
==== Annotation API

See <<apm-app-api-user>>.

////
*********************************** ***********************************
////

[role="xpack"]
[[apm-app-central-config-user]]
=== APM app central config user
Expand Down