Create or Update Role
editCreate or Update Role
editThis API is experimental and may be changed or removed completely in a future release. Although the underlying mechanism of enforcing role-based access control is stable, the APIs for managing the roles are currently experimental.
Creates a new Kibana role or updates the attributes of an existing role. Kibana roles are stored in the Elasticsearch native realm.
Note: You cannot access this endpoint via the Console in Kibana.
Authorization
editTo use this API, you must have at least the manage_security
cluster privilege.
Request
editTo create or update a role, issue a PUT request to the
/api/security/role/<rolename>
endpoint.
PUT /api/security/role/my_kibana_role
Request Body
editThe following parameters can be specified in the body of a PUT request to add or update a role:
-
metadata
-
(object) Optional meta-data. Within the
metadata
object, keys that begin with_
are reserved for system usage. -
elasticsearch
-
(object) Optional Elasticsearch cluster and index privileges, valid keys are
cluster
,indices
andrun_as
. For more information, see Defining roles. -
kibana
-
(object) An object that specifies the Kibana privileges. Valid keys are
global
andspace
. Privileges defined in theglobal
key will apply to all spaces within Kibana, and will take precedent over any privileges defined in thespace
key. For example, specifyingglobal: ["all"]
will grant full access to all spaces within Kibana, even if the role indicates that a specific space should only haveread
privileges.
Example
editPUT /api/security/role/my_kibana_role { "metadata" : { "version" : 1 }, "elasticsearch": { "cluster" : [ "all" ], "indices" : [ { "names" : [ "index1", "index2" ], "privileges" : [ "all" ], "field_security" : { "grant" : [ "title", "body" ] }, "query" : "{\"match\": {\"title\": \"foo\"}}" } ] }, "kibana": { "global": ["all"] } }
Response
editA successful call returns a response code of 204
and no response body.
Granting access to specific spaces
editTo grant access to individual spaces within Kibana, specify the space identifier within the kibana
object.
Note: granting access
PUT /api/security/role/my_kibana_role { "metadata" : { "version" : 1 }, "elasticsearch": { "cluster" : [ "all" ], "indices" : [ { "names" : [ "index1", "index2" ], "privileges" : [ "all" ], "field_security" : { "grant" : [ "title", "body" ] }, "query" : "{\"match\": {\"title\": \"foo\"}}" } ] }, "kibana": { "global": [], "space": { "marketing": ["all"], "engineering": ["read"] } } }