Check user profile privileges | Elasticsearch API (v8)

Check user profile privileges Added in 8.3.0

POST /_security/profile/_has_privileges

Determine whether the users associated with the specified user profile IDs have all the requested privileges.

External documentation

application/json

Body Required

uids array[string] Required

A list of profile IDs. The privileges are checked for associated users of the profiles.
privileges object Required

Additional properties are allowed.
Hide privileges attributes Show privileges attributes object
- application array[object]
  Hide application attributes Show application attributes object
  
  application string Required
  
  The name of the application.
  
  privileges array[string] Required
  
  A list of the privileges that you want to check for the specified resources. May be either application privilege names, or the names of actions that are granted by those privileges
  
  resources array[string] Required
  
  A list of resource names against which the privileges should be checked
- cluster array[string]
  
  A list of the cluster privileges that you want to check.
- index array[object]
  Hide index attributes Show index attributes object
  
  names string | array[string] Required
  
  privileges array[string] Required
  
  A list of the privileges that you want to check for the specified indices.
  
  allow_restricted_indices boolean
  
  This needs to be set to true (default is false) if using wildcards or regexps for patterns that cover restricted indices. Implicitly, restricted indices do not match index patterns because restricted indices usually have limited privileges and including them in pattern tests would render most such tests false. If restricted indices are explicitly included in the names list, privileges will be checked against them regardless of the value of allow_restricted_indices.

Responses

200 application/json
Hide response attributes Show response attributes object
- has_privilege_uids array[string] Required
  
  The subset of the requested profile IDs of the users that have all the requested privileges.
- errors object
  
  Additional properties are allowed.
  
  Hide errors attributes Show errors attributes object
  
  count number Required
  
  details object Required
  
  Hide details attribute Show details attribute object
  
  * object
  
  Additional properties are allowed.
  
  Hide * attributes Show * attributes object
  
  type string Required
  
  The type of error
  
  reason string
  
  A human-readable explanation of the error, in english
  
  stack_trace string
  
  The server stack trace. Present only if the error_trace=true parameter was sent with the request.
  
  caused_by object
  
  Additional properties are allowed.
  
  root_cause array[object]
  
  Additional properties are allowed.
  
  suppressed array[object]
  
  Additional properties are allowed.

POST /_security/profile/_has_privileges

curl \
 -X POST http://api.example.com/_security/profile/_has_privileges \
 -H "Content-Type: application/json" \
 -d '{"uids":["string"],"privileges":{"application":[{"application":"string","privileges":["string"],"resources":["string"]}],"cluster":["string"],"index":[{"names":"string","privileges":["string"],"allow_restricted_indices":true}]}}'

Request examples

{
  "uids": [
    "string"
  ],
  "privileges": {
    "application": [
      {
        "application": "string",
        "privileges": [
          "string"
        ],
        "resources": [
          "string"
        ]
      }
    ],
    "cluster": [
      "string"
    ],
    "index": [
      {
        "names": "string",
        "privileges": [
          "string"
        ],
        "allow_restricted_indices": true
      }
    ]
  }
}

Response examples (200)

{
  "has_privilege_uids": [
    "string"
  ],
  "errors": {
    "count": 42.0,
    "details": {
      "*": {
        "type": "string",
        "reason": "string",
        "stack_trace": "string",
        "caused_by": {},
        "root_cause": [
          {}
        ],
        "suppressed": [
          {}
        ]
      }
    }
  }
}