Create or Update Role
editCreate or Update Role
editThis API is experimental and may be changed or removed completely in a future release. Although the underlying mechanism of enforcing role-based access control is stable, the APIs for managing the roles are currently experimental.
Creates a new Kibana role or updates the attributes of an existing role. Kibana roles are stored in the Elasticsearch native realm.
Authorization
editTo use this API, you must have at least the manage_security
cluster privilege.
Request
editTo create or update a role, issue a PUT request to the
/api/security/role/<rolename>
endpoint.
PUT /api/security/role/my_kibana_role
Request Body
editThe following parameters can be specified in the body of a PUT request to add or update a role:
-
metadata
-
(object) Optional meta-data. Within the
metadata
object, keys that begin with_
are reserved for system usage. -
elasticsearch
-
(object) Optional Elasticsearch cluster and index privileges, valid keys are
cluster
,indices
andrun_as
. For more information, see Defining roles. -
kibana
-
(object) An object that specifies the Kibana privileges. Valid keys are
global
andspace
. Privileges defined in theglobal
key will apply to all spaces within Kibana, and will take precedent over any privileges defined in thespace
key. For example, specifyingglobal: ["all"]
will grant full access to all spaces within Kibana, even if the role indicates that a specific space should only haveread
privileges.
Example
editPUT /api/security/role/my_kibana_role { "metadata" : { "version" : 1 }, "elasticsearch": { "cluster" : [ "all" ], "indices" : [ { "names" : [ "index1", "index2" ], "privileges" : [ "all" ], "field_security" : { "grant" : [ "title", "body" ] }, "query" : "{\"match\": {\"title\": \"foo\"}}" } ] }, "kibana": { "global": ["all"] } }
Response
editA successful call returns a response code of 204
and no response body.
Granting access to specific spaces
editTo grant access to individual spaces within Kibana, specify the space identifier within the kibana
object.
Note: granting access
PUT /api/security/role/my_kibana_role { "metadata" : { "version" : 1 }, "elasticsearch": { "cluster" : [ "all" ], "indices" : [ { "names" : [ "index1", "index2" ], "privileges" : [ "all" ], "field_security" : { "grant" : [ "title", "body" ] }, "query" : "{\"match\": {\"title\": \"foo\"}}" } ] }, "kibana": { "global": [], "space": { "marketing": ["all"], "engineering": ["read"] } } }