NOTE: You are looking at documentation for an older release. For the latest information, see the current release documentation.
Get User Privileges API
editGet User Privileges API
editSynchronous Execution
editWhen executing the get-user-privileges
API in the following manner, the client waits
for the GetUserPrivilegesResponse
to be returned before continuing with code execution:
GetUserPrivilegesResponse response = client.security().getUserPrivileges(RequestOptions.DEFAULT);
Synchronous calls may throw an IOException
in case of either failing to
parse the REST response in the high-level REST client, the request times out
or similar cases where there is no response coming back from the server.
In cases where the server returns a 4xx
or 5xx
error code, the high-level
client tries to parse the response body error details instead and then throws
a generic ElasticsearchException
and adds the original ResponseException
as a
suppressed exception to it.
Asynchronous Execution
editThe get-user-privileges
API can also be called in an asynchronous fashion so that
the client can return directly. Users need to specify how the response or
potential failures will be handled by passing a listener to the
asynchronous get-user-privileges method:
The asynchronous method does not block and returns immediately. Once it is
completed the ActionListener
is called back using the onResponse
method
if the execution successfully completed or using the onFailure
method if
it failed. Failure scenarios and expected exceptions are the same as in the
synchronous execution case.
A typical listener for get-user-privileges
looks like:
Get User Privileges Response
editThe returned GetUserPrivilegesResponse
contains the following properties
-
clusterPrivileges
-
A
Set
of all cluster privileges that are held by the user. This will be the union of all the cluster privileges from the user’s roles. -
globalPrivileges
-
A
Set
of all global privileges that are held by the user. This will be the union of all the global privileges from the user’s roles. Because this a union of multiple roles, it may contain multiple privileges for the samecategory
andoperation
(which is why is is represented as aSet
rather than a single object). -
indicesPrivileges
-
A
Set
of all index privileges that are held by the user. This will be the union of all the index privileges from the user’s roles. Because this a union of multiple roles, it may contain multiple privileges for the sameindex
, and those privileges may have independent field level security access grants and/or multiple document level security queries. -
applicationPrivileges
-
A
Set
of all application privileges that are held by the user. This will be the union of all the application privileges from the user’s roles. -
runAsPrivilege
-
A
Set
representation of the run-as privilege that is held by the user. This will be the union of the run-as privilege from each of the user’s roles.
final Set<String> cluster = response.getClusterPrivileges(); final Set<UserIndicesPrivileges> index = response.getIndicesPrivileges(); final Set<ApplicationResourcePrivileges> application = response.getApplicationPrivileges(); final Set<String> runAs = response.getRunAsPrivilege();