Beginning with {stack} version 8.1, you no longer require the built-in elastic superuser credentials to use {fleet} and Integrations.
Assigning the {kib} feature privileges Fleet and Integrations grants access to these features:
all-
Grants full read-write access.
read-
Grants read-only access.
none-
No access is granted.
Take advantage of these privilege settings by:
{es} comes with built-in roles that include default privileges.
editor-
The built-in
editorrole grants the following privileges, supporting full read-write access to {fleet} and Integrations:-
{Fleet}:
all -
Integrations:
all
-
viewer-
The built-in
viewerrole grants the following privileges, supporting read-only access to {fleet} and Integrations:-
{Fleet}:
read -
Integrations:
read
-
You can also create a new role that can be assigned to a user, in order to grant more specific levels of access to {fleet} and Integrations.
To create a new role with access to {fleet} and Integrations:
-
In {kib}, go to Management → Stack Management.
-
In the Security section, select Roles.
-
Select Create role.
-
Specify a name for the role.
-
Leave the {es} settings at their defaults, or refer to {ref}/security-privileges.html[Security privileges] for descriptions of the available settings.
-
In the {kib} section, select Assign to space.
-
In the Spaces menu, select * All Spaces. Since many Integrations assets are shared across spaces, the users need the {kib} privileges in all spaces.
-
Expand the Management section.
-
Choose the access level that you’d like the role to have with respect to {fleet} and integrations:
-
To grant the role full access to use and manage {fleet} and integrations, set both the Fleet and Integrations privileges to
All.
-
Similarly, to create a read-only user for {fleet} and Integrations, set both the Fleet and Integrations privileges to
Read.
-
Once you’ve created a new role you can assign it to any {es} user. You can edit the role at any time by returning to the Roles page in {kib}.