Check user privileges Added in 6.4.0

GET /_security/user/_has_privileges

Determine whether the specified user has a specified list of privileges.

External documentation
application/json

Body Required

  • application array[object]
    Hide application attributes Show application attributes object
    • application string Required

      The name of the application.

    • privileges array[string] Required

      A list of the privileges that you want to check for the specified resources. May be either application privilege names, or the names of actions that are granted by those privileges

    • resources array[string] Required

      A list of resource names against which the privileges should be checked

  • cluster array[string]

    A list of the cluster privileges that you want to check.

  • index array[object]
    Hide index attributes Show index attributes object
    • names string | array[string] Required
    • privileges array[string] Required

      A list of the privileges that you want to check for the specified indices.

    • allow_restricted_indices boolean

      This needs to be set to true (default is false) if using wildcards or regexps for patterns that cover restricted indices. Implicitly, restricted indices do not match index patterns because restricted indices usually have limited privileges and including them in pattern tests would render most such tests false. If restricted indices are explicitly included in the names list, privileges will be checked against them regardless of the value of allow_restricted_indices.

Responses

  • 200 application/json
    Hide response attributes Show response attributes object
    • application object Required
      Hide application attribute Show application attribute object
      • * object Additional properties
        Hide * attribute Show * attribute object
        • * object Additional properties
          Hide * attribute Show * attribute object
          • * boolean Additional properties
    • cluster object Required
      Hide cluster attribute Show cluster attribute object
      • * boolean Additional properties
    • has_all_requested boolean Required
    • index object Required
      Hide index attribute Show index attribute object
      • * object Additional properties
        Hide * attribute Show * attribute object
        • * boolean Additional properties
    • username string Required
GET /_security/user/_has_privileges 
curl \
 -X GET http://api.example.com/_security/user/_has_privileges \
 -H "Content-Type: application/json" \
 -d '{"application":[{"application":"string","privileges":["string"],"resources":["string"]}],"cluster":["string"],"index":[{"names":"string","privileges":["string"],"allow_restricted_indices":true}]}'
Request examples 
{
  "application": [
    {
      "application": "string",
      "privileges": [
        "string"
      ],
      "resources": [
        "string"
      ]
    }
  ],
  "cluster": [
    "string"
  ],
  "index": [
    {
      "names": "string",
      "privileges": [
        "string"
      ],
      "allow_restricted_indices": true
    }
  ]
}
Response examples (200) 
{
  "application": {
    "additionalProperty1": {
      "additionalProperty1": {
        "additionalProperty1": true,
        "additionalProperty2": true
      },
      "additionalProperty2": {
        "additionalProperty1": true,
        "additionalProperty2": true
      }
    },
    "additionalProperty2": {
      "additionalProperty1": {
        "additionalProperty1": true,
        "additionalProperty2": true
      },
      "additionalProperty2": {
        "additionalProperty1": true,
        "additionalProperty2": true
      }
    }
  },
  "cluster": {
    "additionalProperty1": true,
    "additionalProperty2": true
  },
  "has_all_requested": true,
  "index": {
    "additionalProperty1": {
      "additionalProperty1": true,
      "additionalProperty2": true
    },
    "additionalProperty2": {
      "additionalProperty1": true,
      "additionalProperty2": true
    }
  },
  "username": "string"
}