Find roles with a query Added in 8.15.0

POST /_security/_query/role

Get roles in a paginated manner. You can optionally filter the results with a query.

application/json

Body

  • query object

    Additional properties are allowed.

    Hide query attributes Show query attributes object
    • match object

      Returns roles that match a provided text, number, date or boolean value. The provided text is analyzed before matching.

    • prefix object

      Returns roles that contain a specific prefix in a provided field.

    • range object

      Returns roles that contain terms within a provided range.

    • term object

      Returns roles that contain an exact term in a provided field. To return a document, the query term must exactly match the queried field's value, including whitespace and capitalization.

    • wildcard object

      Returns roles that contain terms matching a wildcard pattern.

  • from number

    Starting document offset. By default, you cannot page through more than 10,000 hits using the from and size parameters. To page through more hits, use the search_after parameter.

  • sort string | object | array[string | object]

    One of:

    Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

    One of:

    Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

  • size number

    The number of hits to return. By default, you cannot page through more than 10,000 hits using the from and size parameters. To page through more hits, use the search_after parameter.

  • search_after array[number | string | boolean | null | object]

Responses

  • 200 application/json
    Hide response attributes Show response attributes object
    • total number Required

      The total number of roles found.

    • count number Required

      The number of roles returned in the response.

    • roles array[object] Required

      The list of roles.

      Hide roles attributes Show roles attributes object
      • cluster array[string]

        A list of cluster privileges. These privileges define the cluster level actions that API keys are able to execute.

      • indices array[object]

        A list of indices permissions entries.

        Hide indices attributes Show indices attributes object
        • Additional properties are allowed.

        • privileges array[string] Required

          The index level privileges that owners of the role have on the specified indices.

        • Set to true if using wildcard or regular expressions for patterns that cover restricted indices. Implicitly, restricted indices have limited privileges that can cause pattern tests to fail. If restricted indices are explicitly included in the names list, Elasticsearch checks privileges against these indices regardless of the value set for allow_restricted_indices.

      • remote_indices array[object]

        A list of indices permissions for remote clusters.

        Hide remote_indices attributes Show remote_indices attributes object
        • clusters string | array[string] Required
        • Additional properties are allowed.

        • privileges array[string] Required

          The index level privileges that owners of the role have on the specified indices.

        • Set to true if using wildcard or regular expressions for patterns that cover restricted indices. Implicitly, restricted indices have limited privileges that can cause pattern tests to fail. If restricted indices are explicitly included in the names list, Elasticsearch checks privileges against these indices regardless of the value set for allow_restricted_indices.

      • remote_cluster array[object]

        A list of cluster permissions for remote clusters. Note - this is limited a subset of the cluster permissions.

        Hide remote_cluster attributes Show remote_cluster attributes object
        • clusters string | array[string] Required
        • privileges array[string] Required

          The cluster level privileges that owners of the role have on the remote cluster.

          Values are monitor_enrich or monitor_stats.

      • global array[object] | object

        An object defining global privileges. A global privilege is a form of cluster privilege that is request-aware. Support for global privileges is currently limited to the management of application privileges.

        One of:

        Additional properties are allowed.

      • applications array[object]

        A list of application privilege entries

        Hide applications attributes Show applications attributes object
        • application string Required

          The name of the application to which this entry applies.

        • privileges array[string] Required

          A list of strings, where each element is the name of an application privilege or action.

        • resources array[string] Required

          A list resources to which the privileges are applied.

      • metadata object
        Hide metadata attribute Show metadata attribute object
        • * object Additional properties

          Additional properties are allowed.

      • run_as array[string]

        A list of users that the API keys can impersonate. Note: in Serverless, the run-as feature is disabled. For API compatibility, you can still specify an empty run_as field, but a non-empty list will be rejected.

      • Optional description of the role descriptor

      • Additional properties are allowed.

        Hide restriction attribute Show restriction attribute object
      • Hide transient_metadata attribute Show transient_metadata attribute object
        • * object Additional properties

          Additional properties are allowed.

      • _sort array[number | string | boolean | null | object]
      • name string Required

        Name of the role.

POST /_security/_query/role
curl \
 -X POST http://api.example.com/_security/_query/role \
 -H "Content-Type: application/json" \
 -d '{"query":{"match":{},"prefix":{},"range":{},"term":{},"wildcard":{}},"from":42.0,"":"string","size":42.0,"search_after":[42.0]}'
Request examples
{
  "query": {
    "match": {},
    "prefix": {},
    "range": {},
    "term": {},
    "wildcard": {}
  },
  "from": 42.0,
  "": "string",
  "size": 42.0,
  "search_after": [
    42.0
  ]
}
Response examples (200)
{
  "total": 42.0,
  "count": 42.0,
  "roles": [
    {
      "cluster": [
        "string"
      ],
      "indices": [
        {
          "field_security": {},
          "privileges": [
            "string"
          ],
          "allow_restricted_indices": true
        }
      ],
      "remote_indices": [
        {
          "clusters": "string",
          "field_security": {},
          "privileges": [
            "string"
          ],
          "allow_restricted_indices": true
        }
      ],
      "remote_cluster": [
        {
          "clusters": "string",
          "privileges": [
            "monitor_enrich"
          ]
        }
      ],
      "global": [
        {}
      ],
      "applications": [
        {
          "application": "string",
          "privileges": [
            "string"
          ],
          "resources": [
            "string"
          ]
        }
      ],
      "metadata": {
        "additionalProperty1": {},
        "additionalProperty2": {}
      },
      "run_as": [
        "string"
      ],
      "description": "string",
      "restriction": {
        "workflows": [
          "string"
        ]
      },
      "transient_metadata": {
        "additionalProperty1": {},
        "additionalProperty2": {}
      },
      "_sort": [
        42.0
      ],
      "name": "string"
    }
  ]
}