Get roles

GET /_security/role/{name}

Get roles in the native realm. The role management APIs are generally the preferred way to manage roles, rather than using file-based role management. The get roles API cannot retrieve roles that are defined in roles files.

Path parameters

  • name string | array[string] Required

    The name of the role. You can specify multiple roles as a comma-separated list. If you do not specify this parameter, the API returns information about all roles.

Responses

  • 200 application/json
    Hide response attribute Show response attribute object
    • * object Additional properties

      Additional properties are allowed.

      Hide * attributes Show * attributes object
      • cluster array[string] Required
      • indices array[object] Required
        Hide indices attributes Show indices attributes object
        • Additional properties are allowed.

          Hide field_security attributes Show field_security attributes object
        • names string | array[string]

          A list of indices (or index name patterns) to which the permissions in this entry apply.

        • privileges array[string] Required

          The index level privileges that owners of the role have on the specified indices.

        • query string | object

          While creating or updating a role you can provide either a JSON structure or a string to the API. However, the response provided by Elasticsearch will only be string with a json-as-text content.

          Since this is embedded in IndicesPrivileges, the same structure is used for clarity in both contexts.

          One of:

          Additional properties are allowed.

        • Set to true if using wildcard or regular expressions for patterns that cover restricted indices. Implicitly, restricted indices have limited privileges that can cause pattern tests to fail. If restricted indices are explicitly included in the names list, Elasticsearch checks privileges against these indices regardless of the value set for allow_restricted_indices.

      • remote_indices array[object]
        Hide remote_indices attributes Show remote_indices attributes object
      • remote_cluster array[object]
        Hide remote_cluster attributes Show remote_cluster attributes object
        • clusters string | array[string] Required
        • privileges array[string] Required

          The cluster level privileges that owners of the role have on the remote cluster.

          Values are monitor_enrich or monitor_stats.

      • metadata object Required
        Hide metadata attribute Show metadata attribute object
        • * object Additional properties

          Additional properties are allowed.

      • run_as array[string] Required
      • Hide transient_metadata attribute Show transient_metadata attribute object
        • * object Additional properties

          Additional properties are allowed.

      • applications array[object] Required
        Hide applications attributes Show applications attributes object
        • application string Required

          The name of the application to which this entry applies.

        • privileges array[string] Required

          A list of strings, where each element is the name of an application privilege or action.

        • resources array[string] Required

          A list resources to which the privileges are applied.

      • role_templates array[object]
        Hide role_templates attributes Show role_templates attributes object
        • format string

          Values are string or json.

        • template object Required

          Additional properties are allowed.

          Hide template attributes Show template attributes object
          • source string

            The script source.

          • id string
          • params object

            Specifies any named parameters that are passed into the script as variables. Use parameters instead of hard-coded values to decrease compile time.

            Hide params attribute Show params attribute object
            • * object Additional properties

              Additional properties are allowed.

          • lang string

            Any of:

            Values are painless, expression, mustache, or java.

          • options object
            Hide options attribute Show options attribute object
            • * string Additional properties
      • global object
        Hide global attribute Show global attribute object
        • * object Additional properties
          Hide * attribute Show * attribute object
          • * object Additional properties
            Hide * attribute Show * attribute object
            • * array[string] Additional properties
GET /_security/role/{name}
curl \
 -X GET http://api.example.com/_security/role/{name}
Response examples (200)
{
  "additionalProperty1": {
    "cluster": [
      "string"
    ],
    "indices": [
      {
        "field_security": {
          "except": "string",
          "grant": "string"
        },
        "names": "string",
        "privileges": [
          "string"
        ],
        "": "string",
        "allow_restricted_indices": true
      }
    ],
    "remote_indices": [
      {
        "clusters": "string",
        "field_security": {
          "except": "string",
          "grant": "string"
        },
        "names": "string",
        "privileges": [
          "string"
        ],
        "": "string",
        "allow_restricted_indices": true
      }
    ],
    "remote_cluster": [
      {
        "clusters": "string",
        "privileges": [
          "monitor_enrich"
        ]
      }
    ],
    "metadata": {
      "additionalProperty1": {},
      "additionalProperty2": {}
    },
    "run_as": [
      "string"
    ],
    "transient_metadata": {
      "additionalProperty1": {},
      "additionalProperty2": {}
    },
    "applications": [
      {
        "application": "string",
        "privileges": [
          "string"
        ],
        "resources": [
          "string"
        ]
      }
    ],
    "role_templates": [
      {
        "format": "string",
        "template": {
          "source": "string",
          "id": "string",
          "params": {
            "additionalProperty1": {},
            "additionalProperty2": {}
          },
          "": "painless",
          "options": {
            "additionalProperty1": "string",
            "additionalProperty2": "string"
          }
        }
      }
    ],
    "global": {
      "additionalProperty1": {
        "additionalProperty1": {
          "additionalProperty1": [
            "string"
          ],
          "additionalProperty2": [
            "string"
          ]
        },
        "additionalProperty2": {
          "additionalProperty1": [
            "string"
          ],
          "additionalProperty2": [
            "string"
          ]
        }
      },
      "additionalProperty2": {
        "additionalProperty1": {
          "additionalProperty1": [
            "string"
          ],
          "additionalProperty2": [
            "string"
          ]
        },
        "additionalProperty2": {
          "additionalProperty1": [
            "string"
          ],
          "additionalProperty2": [
            "string"
          ]
        }
      }
    }
  },
  "additionalProperty2": {
    "cluster": [
      "string"
    ],
    "indices": [
      {
        "field_security": {
          "except": "string",
          "grant": "string"
        },
        "names": "string",
        "privileges": [
          "string"
        ],
        "": "string",
        "allow_restricted_indices": true
      }
    ],
    "remote_indices": [
      {
        "clusters": "string",
        "field_security": {
          "except": "string",
          "grant": "string"
        },
        "names": "string",
        "privileges": [
          "string"
        ],
        "": "string",
        "allow_restricted_indices": true
      }
    ],
    "remote_cluster": [
      {
        "clusters": "string",
        "privileges": [
          "monitor_enrich"
        ]
      }
    ],
    "metadata": {
      "additionalProperty1": {},
      "additionalProperty2": {}
    },
    "run_as": [
      "string"
    ],
    "transient_metadata": {
      "additionalProperty1": {},
      "additionalProperty2": {}
    },
    "applications": [
      {
        "application": "string",
        "privileges": [
          "string"
        ],
        "resources": [
          "string"
        ]
      }
    ],
    "role_templates": [
      {
        "format": "string",
        "template": {
          "source": "string",
          "id": "string",
          "params": {
            "additionalProperty1": {},
            "additionalProperty2": {}
          },
          "": "painless",
          "options": {
            "additionalProperty1": "string",
            "additionalProperty2": "string"
          }
        }
      }
    ],
    "global": {
      "additionalProperty1": {
        "additionalProperty1": {
          "additionalProperty1": [
            "string"
          ],
          "additionalProperty2": [
            "string"
          ]
        },
        "additionalProperty2": {
          "additionalProperty1": [
            "string"
          ],
          "additionalProperty2": [
            "string"
          ]
        }
      },
      "additionalProperty2": {
        "additionalProperty1": {
          "additionalProperty1": [
            "string"
          ],
          "additionalProperty2": [
            "string"
          ]
        },
        "additionalProperty2": {
          "additionalProperty1": [
            "string"
          ],
          "additionalProperty2": [
            "string"
          ]
        }
      }
    }
  }
}