Define APM permission for services


I have an ELK cluster with APM server installed. The entire stack is updated to latest version(7.13.2 right now)

As far as now, my users can access to APM data through Kibana and they are able to see all applications which use APM.

Is there any possibility to give to a user/group permissions to see only some specific Services on APM Kibana?

Hey @ggio, you can use document-level security: Document level security | Elasticsearch Guide [7.13] | Elastic. In the query, you can include or exclude specific services by adding a term query on

A follow up question: do you want to restrict users from seeing services from a security perspective or organizational perspective?

For instance, would it be useful for you to limit the services displayed within APM even if users are still able to access the APM documents for all services via Discover and Dev Tools?
This is not a feature we have today but is something we might implement in the future if there's interest for this.

I'd like to restrict my users just from a organizational perspective.

It would be enough for me to limit services displayed within APM, it's not important if they can still access to APM documents using Discovery and Dev Tools(I could disable these functionalities using Kibana Spaces)

This topic was automatically closed 20 days after the last reply. New replies are no longer allowed.