Bulk create or update roles API
editBulk create or update roles API
editThis functionality is in technical preview, and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
[preview] This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. Create new Kibana roles, or update the attributes of an existing roles. Kibana roles are stored in the Elasticsearch native realm.
Request
editPOST <kibana host>:<port>/api/security/roles
Prerequisite
editTo use the bulk create or update roles API, you must have the manage_security
cluster privilege.
Request body
edit-
roles
- (object) Object that specifies the roles to add as a role name to role map.
-
<role_name>
(required) - (string) The role name.
-
description
- (Optional, string) Description for the role.
-
metadata
-
(Optional, object) In the
metadata
object, keys that begin with_
are reserved for system usage. -
elasticsearch
-
(Optional, object) Elasticsearch cluster and index privileges. Valid keys include
cluster
,indices
,remote_indices
,remote_cluster
, andrun_as
. For more information, see Defining roles. -
kibana
-
(list) Objects that specify the Kibana privileges for the role.
Properties of
kibana
-
base
-
(Optional, list) A base privilege. When specified, the base must be
["all"]
or["read"]
. When thebase
privilege is specified, you are unable to use thefeature
section. "all" grants read/write access to all Kibana features for the specified spaces. "read" grants read-only access to all Kibana features for the specified spaces. -
feature
-
(object) Contains privileges for specific features.
When the
feature
privileges are specified, you are unable to use thebase
section. To retrieve a list of available features, use the features API. -
spaces
-
(list) The spaces to apply the privileges to.
To grant access to all spaces, set to
["*"]
, or omit the value.
-
Response code
edit-
200
- Indicates a successful call.
Examples
editGrant access to various features in all spaces:
$ curl -X POST api/security/roles { "roles": { "my_kibana_role_1": { "description": "my_kibana_role_1_description", "metadata": { "version": 1 }, "elasticsearch": { "cluster": [], "indices": [] }, "kibana": [ { "base": [], "feature": { "discover": ["all"], "visualize": ["all"], "dashboard": ["all"], "dev_tools": ["read"], "advancedSettings": ["read"], "indexPatterns": ["read"], "graph": ["all"], "apm": ["read"], "maps": ["read"], "canvas": ["read"], "infrastructure": ["all"], "logs": ["all"], "uptime": ["all"] }, "spaces": ["*"] } ] }, "my_kibana_role_2": { "description": "my_kibana_role_2_description", "metadata": { "version": 1 }, "elasticsearch": { "cluster": [], "indices": [] }, "kibana": [ { "base": [], "feature": { "discover": ["all"], "visualize": ["all"], "dashboard": ["all"], "dev_tools": ["read"], "logs": ["all"], "uptime": ["all"] }, "spaces": ["*"] } ] } } }
Grant dashboard-only access to only the Marketing space for my_kibana_role_1
and dashboard-only access to only Sales space for my_kibana_role_2
:
$ curl -X POST api/security/roles { "roles": { "my_kibana_role_1": { "description": "Grants dashboard-only access to only the Marketing space.", "metadata": { "version": 1 }, "elasticsearch": { "cluster": [], "indices": [] }, "kibana": [ { "base": [], "feature": { "dashboard": ["read"] }, "spaces": ["marketing"] } ] }, "my_kibana_role_2": { "description": "Grants dashboard-only access to only the Sales space.", "metadata": { "version": 1 }, "elasticsearch": { "cluster": [], "indices": [] }, "kibana": [ { "base": [], "feature": { "dashboard": ["read"] }, "spaces": ["sales"] } ] } } }
Grant full access to all features in the Default space for my_kibana_role_1
and my_kibana_role_2
:
$ curl -X POST api/security/roles { "roles": { "my_kibana_role_1": { "description": "Grants full access to all features in the Default space.", "metadata": { "version": 1 }, "elasticsearch": { "cluster": [], "indices": [] }, "kibana": [ { "base": ["all"], "feature": {}, "spaces": ["default"] } ] }, "my_kibana_role_2": { "description": "Grants full access to all features in the Default space.", "metadata": { "version": 1 }, "elasticsearch": { "cluster": [], "indices": [] }, "kibana": [ { "base": ["all"], "feature": {}, "spaces": ["default"] } ] } } }
Grant different access to different spaces:
$ curl -X POST api/security/roles { "roles": { "my_kibana_role_1": { "description": "Grants full access to discover and dashboard features in the default space. Grants read access in the marketing, and sales spaces.", "metadata": { "version": 1 }, "elasticsearch": { "cluster": [], "indices": [] }, "kibana": [ { "base": [], "feature": { "discover": ["all"], "dashboard": ["all"] }, "spaces": ["default"] }, { "base": ["read"], "spaces": ["marketing", "sales"] } ] }, "my_kibana_role_2": { "description": "Grants full access to discover and dashboard features in the default space. Grants read access in the marketing space.", "metadata": { "version": 1 }, "elasticsearch": { "cluster": [], "indices": [] }, "kibana": [ { "base": [], "feature": { "discover": ["all"], "dashboard": ["all"] }, "spaces": ["default"] }, { "base": ["read"], "spaces": ["marketing"] } ] } } }
Grant access to Kibana and Elasticsearch:
$ curl -X POST api/security/roles { "roles": { "my_kibana_role_1": { "description": "Grants all cluster privileges and full access to index1 and index2. Grants full access to remote_index1 and remote_index2, and the monitor_enrich cluster privilege on remote_cluster1. Grants all Kibana privileges in the default space.", "metadata": { "version": 1 }, "elasticsearch": { "cluster": ["all"], "indices": [ { "names": ["index1", "index2"], "privileges": ["all"] } ], "remote_indices": [ { "clusters": ["remote_cluster1"], "names": ["remote_index1", "remote_index2"], "privileges": ["all"] } ], "remote_cluster": [ { "clusters": ["remote_cluster1"], "privileges": ["monitor_enrich"] } ] }, "kibana": [ { "base": ["all"], "feature": {}, "spaces": ["default"] } ] }, "my_kibana_role_2": { "description": "Grants all cluster privileges and full access to index1. Grants full access to remote_index1, and the monitor_enrich cluster privilege on remote_cluster1. Grants all Kibana privileges in the default space.", "metadata": { "version": 1 }, "elasticsearch": { "cluster": ["all"], "indices": [ { "names": ["index1"], "privileges": ["all"] } ], "remote_indices": [ { "clusters": ["remote_cluster1"], "names": ["remote_index1"], "privileges": ["all"] } ], "remote_cluster": [ { "clusters": ["remote_cluster1"], "privileges": ["monitor_enrich"] } ] }, "kibana": [ { "base": ["all"], "feature": {}, "spaces": ["default"] } ] } } }