docs: Incorrect docs on standalone apm roles causing missing permissions on `traces-apm.sampled` data stream
APM Server version (apm-server version): confirmed on 8.19.2 but should affect many versions
Description of the problem including expected versus actual behavior:
expected: follow apm docs on setting up apm_writer and other roles, see no errors when using TBS

actual: follow apm docs on setting up apm_writer and other roles, see 403 permission error logs due to pubsub when using TBS

This docs bug needs to be checked and fixed in both 8.x and 9.x. 9.x has an apm_tail_based_sampling role from PR https://github.com/elastic/docs-content/pull/1065 but it appears to be incomplete.
Steps to reproduce:
- follow 9.x docs and 8.19 docs to setup api key for standalone apm-server
- enable tbs
- observe for pubsub error logs from apm-server
Provide logs (if relevant):
```
"action [indices:monitor/stats] is unauthorized for user [apm_server] with effective roles [apm_writer] on indices [traces-apm.sampled-test], this action is granted by the index privileges [monitor,cross_cluster_replication,manage,all]"
action [indices:admin/refresh] is unauthorized for user [apm_server] with effective roles [apm_writer] on indices [.ds-traces-apm.sampled-test-2025.08.25-001441,.ds-traces-apm.sampled-test-2025.08.24-001433,.ds-traces-apm.sampled-test-2025.08.24-001435,.ds-traces-apm.sampled-test-2025.08.24-001437,.ds-traces-apm.sampled-test-2025.08.24-001439], this action is granted by the index privileges [maintenance,manage,all]"
action [indices:data/read/search] is unauthorized for user [apm_server] with effective roles [apm_writer] on indices [.ds-traces-apm.sampled-test-2025.08.24-001437], this action is granted by the index privileges [read,all]"
```
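
One way to turn denial messages like the ones above into a per-data-stream list of missing index privileges, as an added example (not code from the reporter or from Elastic). The `BROAD` set and the rule of taking the first narrower privilege listed are assumptions of this example; the sample lines are constructed from the logs above with the index list shortened.

```python
import re

# Constructed sample input: the denial messages from the report, index list shortened.
SAMPLE_LOGS = [
    "action [indices:monitor/stats] is unauthorized for user [apm_server] with effective roles [apm_writer] on indices [traces-apm.sampled-test], this action is granted by the index privileges [monitor,cross_cluster_replication,manage,all]",
    "action [indices:admin/refresh] is unauthorized for user [apm_server] with effective roles [apm_writer] on indices [.ds-traces-apm.sampled-test-2025.08.25-001441,.ds-traces-apm.sampled-test-2025.08.24-001433], this action is granted by the index privileges [maintenance,manage,all]",
    "action [indices:data/read/search] is unauthorized for user [apm_server] with effective roles [apm_writer] on indices [.ds-traces-apm.sampled-test-2025.08.24-001437], this action is granted by the index privileges [read,all]",
]

DENIAL = re.compile(
    r"action \[(?P<action>[^\]]+)\] is unauthorized for user \[(?P<user>[^\]]+)\] "
    r"with effective roles \[(?P<roles>[^\]]*)\] on indices \[(?P<indices>[^\]]+)\], "
    r"this action is granted by the index privileges \[(?P<grants>[^\]]+)\]"
)
# Backing indices are named .ds-<data stream>-<yyyy.MM.dd>-<generation>.
BACKING = re.compile(r"^\.ds-(?P<stream>.+)-\d{4}\.\d{2}\.\d{2}-\d+$")
# Assumption of this example: avoid these when a narrower privilege is offered.
BROAD = {"all", "manage", "cross_cluster_replication"}


def data_stream(index):
    """Map a backing index name to its data stream; other names pass through."""
    m = BACKING.match(index)
    return m.group("stream") if m else index


def narrowest(grants):
    """Pick the first listed privilege outside BROAD, else the first listed."""
    narrow = [g for g in grants if g not in BROAD]
    return (narrow or grants)[0]


def missing_privileges(lines):
    """Return {(user, data stream): sorted narrow privileges that were denied}."""
    needed = {}
    for line in lines:
        m = DENIAL.search(line)
        if not m:
            continue  # not an authorization denial
        priv = narrowest([g.strip() for g in m.group("grants").split(",")])
        for index in m.group("indices").split(","):
            key = (m.group("user"), data_stream(index.strip()))
            needed.setdefault(key, set()).add(priv)
    return {k: sorted(v) for k, v in needed.items()}


if __name__ == "__main__":
    for (user, stream), privs in missing_privileges(SAMPLE_LOGS).items():
        print(f"{user} lacks {privs} on {stream}")
```

The output is a starting point for reviewing the role definition against the docs, not a statement of what the documented role should contain.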