Get role mappings Added in 5.5.0

GET /_security/role_mapping/{name}

Role mappings define which roles are assigned to each user. The role mapping APIs are generally the preferred way to manage role mappings rather than using role mapping files. The get role mappings API cannot retrieve role mappings that are defined in role mapping files.

Path parameters

  • name string | array[string] Required

    The distinct name that identifies the role mapping. The name is used solely as an identifier to facilitate interaction via the API; it does not affect the behavior of the mapping in any way. You can specify multiple mapping names as a comma-separated list. If you do not specify this parameter, the API returns information about all role mappings.

Responses

  • 200 application/json
    Hide response attribute Show response attribute object
    • * object Additional properties

      Additional properties are allowed.

      Hide * attributes Show * attributes object
      • enabled boolean Required
      • metadata object Required
        Hide metadata attribute Show metadata attribute object
        • * object Additional properties

          Additional properties are allowed.

      • roles array[string]
      • role_templates array[object]
        Hide role_templates attributes Show role_templates attributes object
        • format string

          Values are string or json.

        • template object Required

          Additional properties are allowed.

          Hide template attributes Show template attributes object
          • source string

            The script source.

          • id string
          • params object

            Specifies any named parameters that are passed into the script as variables. Use parameters instead of hard-coded values to decrease compile time.

            Hide params attribute Show params attribute object
            • * object Additional properties

              Additional properties are allowed.

          • lang string

            Any of:

            Values are painless, expression, mustache, or java.

          • options object
            Hide options attribute Show options attribute object
            • * string Additional properties
      • rules object Required

        Additional properties are allowed.

        Hide rules attributes Show rules attributes object
        • any array[object]

          Additional properties are allowed.

        • all array[object]

          Additional properties are allowed.

        • field object

          Additional properties are allowed.

          Hide field attributes Show field attributes object
        • except object

          Additional properties are allowed.

GET /_security/role_mapping/{name}
curl \
 -X GET http://api.example.com/_security/role_mapping/{name}
Response examples (200)
{
  "additionalProperty1": {
    "enabled": true,
    "metadata": {
      "additionalProperty1": {},
      "additionalProperty2": {}
    },
    "roles": [
      "string"
    ],
    "role_templates": [
      {
        "format": "string",
        "template": {
          "source": "string",
          "id": "string",
          "params": {
            "additionalProperty1": {},
            "additionalProperty2": {}
          },
          "": "painless",
          "options": {
            "additionalProperty1": "string",
            "additionalProperty2": "string"
          }
        }
      }
    ],
    "rules": {
      "any": [
        {}
      ],
      "all": [
        {}
      ],
      "field": {
        "username": "string",
        "dn": "string",
        "groups": "string"
      },
      "except": {}
    }
  },
  "additionalProperty2": {
    "enabled": true,
    "metadata": {
      "additionalProperty1": {},
      "additionalProperty2": {}
    },
    "roles": [
      "string"
    ],
    "role_templates": [
      {
        "format": "string",
        "template": {
          "source": "string",
          "id": "string",
          "params": {
            "additionalProperty1": {},
            "additionalProperty2": {}
          },
          "": "painless",
          "options": {
            "additionalProperty1": "string",
            "additionalProperty2": "string"
          }
        }
      }
    ],
    "rules": {
      "any": [
        {}
      ],
      "all": [
        {}
      ],
      "field": {
        "username": "string",
        "dn": "string",
        "groups": "string"
      },
      "except": {}
    }
  }
}