Create or update role mappings

Added in 5.5.0

POST /_security/role_mapping/{name}

Role mappings define which roles are assigned to each user. Each mapping has rules that identify users and a list of roles that are granted to those users. The role mapping APIs are generally the preferred way to manage role mappings rather than using role mapping files. The create or update role mappings API cannot update role mappings that are defined in role mapping files.

This API does not create roles. Rather, it maps users to existing roles. Roles can be created by using the create or update roles API or roles files.

Path parameters

  • name string Required

    Role-mapping name

Query parameters

  • refresh string

    If true (the default), refresh the affected shards to make this operation visible to search; if wait_for, wait for a refresh to make this operation visible to search; if false, do nothing with refreshes.

    Values are true, false, or wait_for.

application/json

Body Required

  • enabled boolean
  • metadata object
    • * object Additional properties

      Additional properties are allowed.

  • roles array[string]
  • role_templates array[object]
    • format string

      Values are string or json.

    • template object Required

      Additional properties are allowed.

      • source string

        The script source.

      • id string
      • params object

        Specifies any named parameters that are passed into the script as variables. Use parameters instead of hard-coded values to decrease compile time.

        • * object Additional properties

          Additional properties are allowed.

      • lang string

        Values are painless, expression, mustache, or java.

      • options object
        • * string Additional properties
  • rules object

    Additional properties are allowed.

    • any array[object]

      Additional properties are allowed.

    • all array[object]

      Additional properties are allowed.

    • field object

      Additional properties are allowed.

    • except object

      Additional properties are allowed.

  • run_as array[string]

Responses

  • 200 application/json
    • created boolean
    • role_mapping object Required

      Additional properties are allowed.

POST /_security/role_mapping/{name}
curl \
 -X POST http://api.example.com/_security/role_mapping/{name} \
 -H "Content-Type: application/json" \
 -d '{"enabled":true,"metadata":{"additionalProperty1":{},"additionalProperty2":{}},"roles":["string"],"role_templates":[{"format":"string","template":{"source":"string","id":"string","params":{"additionalProperty1":{},"additionalProperty2":{}},"lang":"painless","options":{"additionalProperty1":"string","additionalProperty2":"string"}}}],"rules":{"any":[{}],"all":[{}],"field":{"username":"string","dn":"string","groups":"string"},"except":{}},"run_as":["string"]}'
Request examples
{
  "enabled": true,
  "metadata": {
    "additionalProperty1": {},
    "additionalProperty2": {}
  },
  "roles": [
    "string"
  ],
  "role_templates": [
    {
      "format": "string",
      "template": {
        "source": "string",
        "id": "string",
        "params": {
          "additionalProperty1": {},
          "additionalProperty2": {}
        },
        "lang": "painless",
        "options": {
          "additionalProperty1": "string",
          "additionalProperty2": "string"
        }
      }
    }
  ],
  "rules": {
    "any": [
      {}
    ],
    "all": [
      {}
    ],
    "field": {
      "username": "string",
      "dn": "string",
      "groups": "string"
    },
    "except": {}
  },
  "run_as": [
    "string"
  ]
}
Response examples (200)
{
  "created": true,
  "role_mapping": {
    "created": true
  }
}
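
The description above says each mapping has rules that identify users and a list of roles granted to them; the following Python sketch evaluates such rules offline so a mapping can be reviewed before it is posted. It is an added example, not Elasticsearch's own code or logic from this page: it assumes each rule object holds exactly one of any, all, field or except, that a list value matches if any element matches, and that * is the only wildcard, and the mapping names, DNs and users are constructed sample data.

```python
import re

def _value_matches(expected, actual):
    """Compare one expected value with one user value; '*' is the only wildcard."""
    if not (isinstance(expected, str) and isinstance(actual, str)):
        return expected == actual
    return re.fullmatch(re.escape(expected).replace(r"\*", ".*"), actual) is not None

def rule_matches(rule, user):
    """Evaluate a `rules` object against a user dict (username, dn, groups)."""
    if len(rule) != 1:  # assumption: one rule type per object
        raise ValueError("expected exactly one of any/all/field/except")
    (kind, body), = rule.items()
    if kind == "any":
        return any(rule_matches(r, user) for r in body)
    if kind == "all":
        return all(rule_matches(r, user) for r in body)
    if kind == "except":
        return not rule_matches(body, user)
    if kind != "field":
        raise ValueError(f"unknown rule type: {kind}")
    for name, expected in body.items():
        expected = expected if isinstance(expected, list) else [expected]
        actual = user.get(name)
        actual = actual if isinstance(actual, list) else [actual]
        if not any(_value_matches(e, a) for e in expected for a in actual):
            return False
    return True

def roles_for(mappings, user):
    """Union of `roles` from every enabled mapping whose rules match the user."""
    granted = set()
    for mapping in mappings.values():
        if mapping.get("enabled") and rule_matches(mapping["rules"], user):
            granted.update(mapping.get("roles", []))
    return sorted(granted)

# Constructed sample data: mapping names, DNs and users are hypothetical.
ADMINS = "cn=admins,dc=example,dc=com"
MAPPINGS = {
    "admins": {"enabled": True, "roles": ["superuser"], "rules": {"all": [
        {"field": {"groups": ADMINS}},
        {"except": {"field": {"username": "svc-*"}}}]}},
    "everyone": {"enabled": True, "roles": ["viewer"], "rules": {"field": {"username": "*"}}},
    "retired": {"enabled": False, "roles": ["superuser"], "rules": {"field": {"username": "*"}}},
}
ALICE = {"username": "alice", "groups": [ADMINS]}
SVC = {"username": "svc-backup", "groups": [ADMINS]}
```

Calling roles_for(MAPPINGS, SVC) shows the except rule keeping the service account out of superuser even though it is in the admins group, while the disabled "retired" mapping contributes nothing.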