- Kibana Guide: other versions:
- What is Kibana?
- What’s new in 7.8
- Get started
- Set up Kibana
- Discover
- Dashboard
- Canvas
- Maps
- Machine learning
- Graph
- Visualize
- Logs
- Metrics
- APM
- Uptime
- SIEM
- Dev Tools
- Stack Monitoring
- Management
- Advanced Settings
- Alerts and Actions
- Beats Central Management
- Cross-Cluster Replication
- Index Lifecycle Policies
- Index Management
- Ingest Node Pipelines
- Index patterns and fields
- License Management
- Numeral Formatting
- Remote Clusters
- Rollup Jobs
- Saved Objects
- Security
- Snapshot and Restore
- Spaces
- Upgrade Assistant
- Watcher
- Ingest Manager
- Reporting
- Alerting and Actions
- REST API
- Kibana plugins
- Accessibility
- Limitations
- Breaking Changes
- Release Notes
- Kibana 7.8.1
- Kibana 7.8.0
- Kibana 7.7.1
- Kibana 7.7.0
- Kibana 7.6.2
- Kibana 7.6.1
- Kibana 7.6.0
- Kibana 7.5.2
- Kibana 7.5.1
- Kibana 7.5.0
- Kibana 7.4.2
- Kibana 7.4.1
- Kibana 7.4.0
- Kibana 7.3.2
- Kibana 7.3.1
- Kibana 7.3.0
- Kibana 7.2.1
- Kibana 7.2.0
- Kibana 7.1.1
- Kibana 7.1.0
- Kibana 7.0.1
- Kibana 7.0.0
- Kibana 7.0.0-rc2
- Kibana 7.0.0-rc1
- Kibana 7.0.0-beta1
- Kibana 7.0.0-alpha2
- Kibana 7.0.0-alpha1
- Developer guide
Create or update role API
editCreate or update role API
edit[preview] This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. Create a new Kibana role, or update the attributes of an existing role. Kibana roles are stored in the Elasticsearch native realm.
Request
editPUT <kibana host>:<port>/api/security/role/my_kibana_role
Prerequisite
editTo use the create or update role API, you must have the manage_security
cluster privilege.
Request body
edit-
metadata
-
(Optional, object) In the
metadata
object, keys that begin with_
are reserved for system usage. -
elasticsearch
-
(Optional, object) Elasticsearch cluster and index privileges. Valid keys include
cluster
,indices
, andrun_as
. For more information, see Defining roles. -
kibana
-
(list) Objects that specify the Kibana privileges for the role.
Properties of
kibana
-
base
-
(Optional, list) A base privilege. When specified, the base must be
["all"]
or["read"]
. When thebase
privilege is specified, you are unable to use thefeature
section. "all" grants read/write access to all Kibana features for the specified spaces. "read" grants read-only access to all Kibana features for the specified spaces. -
feature
-
(object) Contains privileges for specific features.
When the
feature
privileges are specified, you are unable to use thebase
section. To retrieve a list of available features, use the features API. -
spaces
-
(list) The spaces to apply the privileges to.
To grant access to all spaces, set to
["*"]
, or omit the value.
-
Response code
edit-
204
- Indicates a successful call.
Examples
editGrant access to various features in all spaces:
$ curl -X PUT api/security/role/my_kibana_role { "metadata" : { "version" : 1 }, "elasticsearch": { "cluster" : [ ], "indices" : [ ] }, "kibana": [ { "base": [], "feature": { "discover": [ "all" ], "visualize": [ "all" ], "dashboard": [ "all" ], "dev_tools": [ "read" ], "advancedSettings": [ "read" ], "indexPatterns": [ "read" ], "timelion": [ "all" ], "graph": [ "all" ], "apm": [ "read" ], "maps": [ "read" ], "canvas": [ "read" ], "infrastructure": [ "all" ], "logs": [ "all" ], "uptime": [ "all" ] }, "spaces": [ "*" ] } ] }
Grant dashboard-only access to only the Marketing space:
$ curl -X PUT api/security/role/my_kibana_role { "metadata" : { "version" : 1 }, "elasticsearch": { "cluster" : [ ], "indices" : [ ] }, "kibana": [ { "base": [], "feature": { "dashboard": ["read"] }, "spaces": [ "marketing" ] } ] }
Grant full access to all features in the Default space:
$ curl -X PUT api/security/role/my_kibana_role { "metadata" : { "version" : 1 }, "elasticsearch": { "cluster" : [ ], "indices" : [ ] }, "kibana": [ { "base": ["all"], "feature": { }, "spaces": [ "default" ] } ] }
Grant different access to different spaces:
$ curl -X PUT api/security/role/my_kibana_role { "metadata" : { "version" : 1 }, "elasticsearch": { "cluster" : [ ], "indices" : [ ] }, "kibana": [ { "base": [], "feature": { "discover": ["all"], "dashboard": ["all"] }, "spaces": [ "default" ] }, { "base": ["read"], "spaces": [ "marketing", "sales" ] } ] }
Grant access to Kibana and Elasticsearch:
$ curl -X PUT api/security/role/my_kibana_role { "metadata" : { "version" : 1 }, "elasticsearch": { "cluster" : [ "all" ], "indices" : [ { "names" : [ "index1", "index2" ], "privileges" : [ "all" ], "field_security" : { "grant" : [ "title", "body" ] }, "query" : "{\"match\": {\"title\": \"foo\"}}" } ] }, "kibana": [ { "base": ["all"], "feature": { }, "spaces": [ "default" ] } ] }