WARNING: Version 6.0 of Elasticsearch has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
The has_privileges API allows you to determine whether the logged in user has
a specified list of privileges.
For a list of the privileges that you can specify in this API, see Security Privileges.
A successful call returns a JSON structure that shows whether each specified privilege is assigned to the user.
-
cluster - (list) A list of the cluster privileges that you want to check.
-
index -
-
names - (list) A list of indices.
-
privileges - (list) A list of the privileges that you want to check for the specified indices.
-
All users can use this API, but only to determine their own privileges. To check the privileges of other users, you must use the run as feature. For more information, see Submitting Requests on Behalf of Other Users.
The following example checks whether the current user has a specific set of cluster and indices privileges:
GET _xpack/security/user/_has_privileges
{
"cluster": [ "monitor", "manage" ],
"index" : [
{
"names": [ "suppliers", "products" ],
"privileges": [ "read" ]
},
{
"names": [ "inventory" ],
"privileges" : [ "read", "write" ]
}
]
}
The following example output indicates which privileges the "rdeniro" user has:
{
"username": "rdeniro",
"has_all_requested" : false,
"cluster" : {
"monitor" : true,
"manage" : false
},
"index" : {
"suppliers" : {
"read" : true
},
"products" : {
"read" : true
},
"inventory" : {
"read" : true,
"write" : false
}
}
}