Privileges endpoint

edit

Retrieves whether or not the user is authenticated, and the user’s Kibana space and index privileges, which determine if the user can create an index (.siem-signals-*) for the Elastic Security alerts generated by detection engine rules.

For information about the permissions and privileges required to create .siem-signals-<Kibana-space> indices, see Enable and access detections.

Get privileges

edit

Returns user privileges for the Kibana space.

Request URL

edit

GET <kibana host>:<port>/api/detection_engine/privileges

Example requests
edit

Gets user privileges for the Kibana default space:

GET api/detection_engine/privileges

Gets user privileges for the Kibana siem space:

GET s/siem/api/detection_engine/privileges

Response code

edit
200
Indicates a successful call.
Example response
edit
{
  "username": "detection-engine-admin",
  "has_all_requested": false,
  "cluster": {
    "monitor_ml": true,
    "manage_ccr": false,
    "manage_index_templates": true,
    "monitor_watcher": true,
    "monitor_transform": true,
    "read_ilm": true,
    "manage_api_key": false,
    "manage_security": false,
    "manage_own_api_key": false,
    "manage_saml": false,
    "all": false,
    "manage_ilm": true,
    "manage_ingest_pipelines": true,
    "read_ccr": false,
    "manage_rollup": true,
    "monitor": true,
    "manage_watcher": true,
    "manage": true,
    "manage_transform": true,
    "manage_token": false,
    "manage_ml": true,
    "manage_pipeline": true,
    "monitor_rollup": true,
    "transport_client": true,
    "create_snapshot": true
  },
  "index": {
    ".siem-signals-detection-engine": {
      "all": false,
      "manage_ilm": true,
      "read": false,
      "create_index": true,
      "read_cross_cluster": false,
      "index": false,
      "monitor": true,
      "delete": false,
      "manage": true,
      "delete_index": true,
      "create_doc": false,
      "view_index_metadata": true,
      "create": false,
      "manage_follow_index": true,
      "manage_leader_index": true,
      "write": false
    }
  },
  "application": {}
  "is_authenticated": true 
  "has_encryption_key": true 
}

Indicates whether the user can log in to the Elasticsearch deployment.

Indicates whether the xpack.encryptedSavedObjects.encryptionKey is set.