[REQUEST]: Document minimal permissions to use Observability dashboards

[bmorelli25]

Description

I would expect every O11y App to have a page like this one https://www.elastic.co/guide/en/security/8.7/detections-permissions-section.html

Kibana O11y Apps

APM

URL: https://www.elastic.co/guide/en/apm/guide/current/apm-data-streams.html Problem:

APM also relies on other system indices .apm...

APM has also a very complex querying architecture (with fallbacks) due to the fact some data gets pre-aggregated by APM Server and stores already aggregated histograms in order to be faster visualizing graphs.

Infra

URL: https://www.elastic.co/guide/en/observability/current/configure-settings.html

Uptime & Synthetics

URL: https://www.elastic.co/guide/en/observability/current/configure-uptime-settings.html

Actionable Obs

URL: https://www.elastic.co/guide/en/kibana/8.7/alerting-setup.html Problem:

It's not fully clear if we should provide access to the o11y indices of each kind of alert or something else

ML Jobs for O11y

URL: https://www.elastic.co/guide/en/machine-learning/current/ootb-ml-jobs.html Problem:

It's not fully clear what are the permissions to provide in order to setup & run those only on specific APM data.

Resources

Especially if the customer is fully 8.x and eventually using only Elastic Agents managed by Fleet, the suggestion to use namespaces per team might be an option (with consequences on many more data streams being created and possible scalability issues).

We do not do a great job at communicating in the docs what are the indices to put there and at least from my perspective, we should be more opinionated in the docs to push customers/users to avoid customizing index names as much as possible. Customizing index names often lead to problems with Index Templates not being applied and therefore the queries executed by the Kibana app failing behind the scenes because of mapping issues.

• https://github.com/elastic/sdh-kibana/issues/3680

Collaboration

The documentation team will investigate the issue and create the initial content.

Point of contact.

Main contact: @

Stakeholders:

[dedemorton]

@bmorelli25 I'm going to set the status to "Needs Input" because this issue is missing some detail, specifically:

• Who is the main contact?
• What specifically is the "ask" here:
  • Make sure we document the minimal permissions to use obs apps/dashboards, or
  • Create a page like this one for every observability app? (The page cited covers more than permission.)
• What are the permissions required to use the Observability apps/features? The related SDH speculates but doesn't provide guidance. I guess we would need SMEs to fill in the details for the following features?
  • APM
  • Logs
  • Infra monitoring
  • Synthetic monitoring
  • Uptime monitoring
  • RUM
  • Universal profiling?
  • Alerting
  • SLOs
  • Cases?

Someone needs to test whatever recommendations we make (as we both know, with the testing, there be dragons).

Is this issue really ready to work on right now? Or should we wait until someone creates a KB article that contains the details we need to write this content?