Beginning with {stack} version 8.1, you no longer require the built-in elastic superuser credentials to use {fleet} and Integrations.
Assigning the {kib} feature privileges Fleet and Integrations grants access to these features:
all-
Grants full read-write access.
read-
Grants read-only access.
The built-in editor role grants the following privileges, supporting full read-write access to {fleet} and Integrations:
-
{Fleet}:
All -
Integrations:
All
The built-in viewer role grants the following privileges, supporting read-only access to {fleet} and Integrations:
-
{Fleet}::
None -
Integrations::
Read
You can also create a new role that can be assigned to a user to grant access to {fleet} and Integrations.
To create a new role with full access to use and manage {fleet} and Integrations:
-
In {kib}, go to Management → Stack Management.
-
In the Security section, select Roles.
-
Select Create role.
-
Specify a name for the role.
-
Leave the {es} settings at their defaults, or refer to {ref}/security-privileges.html[Security privileges] for descriptions of the available settings.
-
In the {kib} section, select Add Kibana privilege.
-
In the Spaces menu, select * All Spaces. Since many Integrations assets are shared across spaces, the users needs the {kib} privileges in all spaces.
-
Expand the Management section.
-
Set Fleet privileges to All.
-
Set Integrations privileges to All.
To create a read-only user for Integrations, follow the same steps as above but set the Fleet privileges to None and the Integrations privileges to Read.
Read-only access to {fleet} is not currently supported but is planned for development in a later release.