Query parameters

  • The name of the application. Application privileges are always associated with exactly one application. If you do not specify this parameter, the API returns information about all privileges for all applications.

  • The name of the privilege. If you do not specify this parameter, the API returns information about all privileges for the requested application.

  • username string | null

Responses

  • 200 application/json
    • applications array[object] Required
      • application string Required

        The name of the application to which this entry applies.

      • privileges array[string] Required

        A list of strings, where each element is the name of an application privilege or action.

      • resources array[string] Required

        A list of resources to which the privileges are applied.

    • cluster array[string] Required
    • remote_cluster array[object]
      • clusters string | array[string] Required
      • privileges array[string] Required

        The cluster level privileges that owners of the role have on the remote cluster.

        Values are monitor_enrich or monitor_stats.

    • global array[object] Required
      • application object Required
        • manage object Required
    • indices array[object] Required
      • field_security array[object]

        The document fields that the owners of the role have read access to.

        • except string | array[string]
        • grant string | array[string]
      • names array[string] Required

        A list of indices (or index name patterns) to which the permissions in this entry apply.

      • privileges array[string] Required

        The index level privileges that owners of the role have on the specified indices.

      • query array[string | object]

        Search queries that define the documents the user has access to. A document within the specified indices must match these queries for it to be accessible by the owners of the role.

        While creating or updating a role, you can provide either a JSON structure or a string to the API. However, the response returned by Elasticsearch is always a string containing the JSON as text.

        Since this is embedded in IndicesPrivileges, the same structure is used for clarity in both contexts.

        One of:

        An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.

      • allow_restricted_indices boolean Required

        Set to true if using wildcard or regular expressions for patterns that cover restricted indices. Implicitly, restricted indices have limited privileges that can cause pattern tests to fail. If restricted indices are explicitly included in the names list, Elasticsearch checks privileges against these indices regardless of the value set for allow_restricted_indices.

    • remote_indices array[object]
      • field_security array[object]

        The document fields that the owners of the role have read access to.

        • except string | array[string]
        • grant string | array[string]
      • names string | array[string]

        A list of indices (or index name patterns) to which the permissions in this entry apply.

      • privileges array[string] Required

        The index level privileges that owners of the role have on the specified indices.

      • query array[string | object]

        Search queries that define the documents the user has access to. A document within the specified indices must match these queries for it to be accessible by the owners of the role.

        While creating or updating a role, you can provide either a JSON structure or a string to the API. However, the response returned by Elasticsearch is always a string containing the JSON as text.

        Since this is embedded in IndicesPrivileges, the same structure is used for clarity in both contexts.

        One of:

        An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.

      • allow_restricted_indices boolean Required

        Set to true if using wildcard or regular expressions for patterns that cover restricted indices. Implicitly, restricted indices have limited privileges that can cause pattern tests to fail. If restricted indices are explicitly included in the names list, Elasticsearch checks privileges against these indices regardless of the value set for allow_restricted_indices.

      • clusters array[string] Required
    • run_as array[string] Required
GET /_security/user/_privileges
curl \
 --request GET 'http://api.example.com/_security/user/_privileges' \
 --header "Authorization: $API_KEY"
Response examples (200)
A successful response from `GET /_security/user/_privileges`.
{
  "cluster" : [
    "all"
  ],
  "global" : [ ],
  "indices" : [
    {
      "names" : [
        "*"
      ],
      "privileges" : [
        "all"
      ],
      "allow_restricted_indices" : true
    }
  ],
  "applications" : [
    {
      "application" : "*",
      "privileges" : [
        "*"
      ],
      "resources" : [
        "*"
      ]
    }
  ],
  "run_as" : [
    "*"
  ]
}
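
Added example (not part of the Elasticsearch documentation): a least-privilege review of a `GET /_security/user/_privileges` response body, plus decoding of the `query` strings that the API returns as JSON text. The function names, finding messages and the second sample are assumptions made for this illustration.

```python
import json

# Response body copied from the page's 200 example.
PAGE_EXAMPLE = {
    "cluster": ["all"], "global": [],
    "indices": [{"names": ["*"], "privileges": ["all"],
                 "allow_restricted_indices": True}],
    "applications": [{"application": "*", "privileges": ["*"], "resources": ["*"]}],
    "run_as": ["*"],
}
# Constructed sample: a scoped role with a document-level security query,
# returned by the API as a string holding JSON text.
SCOPED_SAMPLE = {
    "cluster": ["monitor"], "global": [],
    "indices": [{"names": ["logs-*"], "privileges": ["read"],
                 "query": ['{"term": {"team": "soc"}}'],
                 "allow_restricted_indices": False}],
    "applications": [], "run_as": [],
}

def decode_queries(entry):
    """Parse the json-as-text strings in an indices entry's `query` list."""
    return [json.loads(q) if isinstance(q, str) else q
            for q in entry.get("query", [])]

def audit_privileges(resp):
    """Return findings for grants that are broader than least privilege."""
    findings = []
    if "all" in resp.get("cluster", []):
        findings.append("cluster: 'all' privilege granted")
    if "*" in resp.get("run_as", []):
        findings.append("run_as: may impersonate any user")
    for section in ("indices", "remote_indices"):
        for entry in resp.get(section, []):
            names = entry.get("names", [])
            names = [names] if isinstance(names, str) else names
            if "*" in names and "all" in entry.get("privileges", []):
                findings.append(f"{section}: 'all' privileges on names '*'")
            if entry.get("allow_restricted_indices"):
                findings.append(f"{section}: patterns cover restricted indices")
    for app in resp.get("applications", []):
        if "*" in (app["application"], *app["privileges"], *app["resources"]):
            findings.append(f"applications: wildcard grant on {app['application']!r}")
    return findings

if __name__ == "__main__":
    for finding in audit_privileges(PAGE_EXAMPLE):
        print(finding)
    print(decode_queries(SCOPED_SAMPLE["indices"][0]))
```

The page's own response example produces five findings, while the scoped sample produces none and its query decodes to a Query DSL object.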