- Elastic Docs/
- Solutions and use cases/
- Observability solution/
- Applications and services/
- Application performance monitoring (APM)/
- Use APM securely/
- Secure access to the Applications UI
Applications UI annotation user
Note
By default, theviewer andeditor built-in roles provide read access to Observability annotations. You only need to create an annotation user to write to the annotations index (xpack.observability.annotations.index).
View deployment annotations in the Applications UI.
Create a new role, named something like
annotation_user, and assign the following privileges:Type Privilege Purpose Index readon{{ANNOTATION_INDEX}}1Read-only access to the observability annotation index Index view_index_metadataon{{ANNOTATION_INDEX}}1Read-only access to observability annotation index metadata 1
{{ANNOTATION_INDEX}}should be the index name you’ve defined inxpack.observability.annotations.index.Assign the
annotation_usercreated previously, and the roles and privileges necessary to create afull orpartial APM reader to any users that need to view annotations in the Applications UI