application/json

BodyRequired

  • uidsarray[string] Required

    A list of profile IDs. The privileges are checked for associated users of the profiles.

  • privilegesobject Required
    Hide privileges attributes Show privileges attributes object
    • applicationarray[object]
      Hide application attributes Show application attributes object
      • applicationstring Required

        The name of the application.

      • privilegesarray[string] Required

        A list of the privileges that you want to check for the specified resources. It may be either application privilege names or the names of actions that are granted by those privileges

      • resourcesarray[string] Required

        A list of resource names against which the privileges should be checked.

    • clusterarray[string]

      A list of the cluster privileges that you want to check.

    • indexarray[object]
      Hide index attributes Show index attributes object
      • namesstring | array[string] Required
      • privilegesarray[string] Required

        A list of the privileges that you want to check for the specified indices.

      • allow_restricted_indicesboolean

        This needs to be set to true (default is false) if using wildcards or regexps for patterns that cover restricted indices. Implicitly, restricted indices do not match index patterns because restricted indices usually have limited privileges and including them in pattern tests would render most such tests false. If restricted indices are explicitly included in the names list, privileges will be checked against them regardless of the value of allow_restricted_indices.

Responses

  • 200 application/json
    Hide response attributes Show response attributes object
    • has_privilege_uidsarray[string] Required

      The subset of the requested profile IDs of the users that have all the requested privileges.

    • errorsobject
      Hide errors attributes Show errors attributes object
      • countnumber Required
      • detailsobject Required
        Hide details attribute Show details attribute object
        • *object
          Hide * attributes Show * attributes object
          • typestring Required

            The type of error

          • reasonstring | null

            A human-readable explanation of the error, in English.

            One of:
            string-1stringstring-2string | null
          • stack_tracestring

            The server stack trace. Present only if the error_trace=true parameter was sent with the request.

          • caused_byobject
          • root_causearray[object]
          • suppressedarray[object]
GET /_security/profile/_has_privileges
POST /_security/profile/_has_privileges
{
  "uids": [
    "u_LQPnxDxEjIH0GOUoFkZr5Y57YUwSkL9Joiq-g4OCbPc_0",
    "u_rzRnxDgEHIH0GOUoFkZr5Y27YUwSk19Joiq=g4OCxxB_1",
    "u_does-not-exist_0"
  ],
  "privileges": {
    "cluster": [ "monitor", "create_snapshot", "manage_ml" ],
    "index" : [
      {
        "names": [ "suppliers", "products" ],
        "privileges": [ "create_doc"]
      },
      {
        "names": [ "inventory" ],
        "privileges" : [ "read", "write" ]
      }
    ],
    "application": [
      {
        "application": "inventory_manager",
        "privileges" : [ "read", "data:write/inventory" ],
        "resources" : [ "product/1852563" ]
      }
    ]
  }
}
curl \
 --request GET 'http://api.example.com/_security/profile/_has_privileges' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '"{\n  \"uids\": [\n    \"u_LQPnxDxEjIH0GOUoFkZr5Y57YUwSkL9Joiq-g4OCbPc_0\",\n    \"u_rzRnxDgEHIH0GOUoFkZr5Y27YUwSk19Joiq=g4OCxxB_1\",\n    \"u_does-not-exist_0\"\n  ],\n  \"privileges\": {\n    \"cluster\": [ \"monitor\", \"create_snapshot\", \"manage_ml\" ],\n    \"index\" : [\n      {\n        \"names\": [ \"suppliers\", \"products\" ],\n        \"privileges\": [ \"create_doc\"]\n      },\n      {\n        \"names\": [ \"inventory\" ],\n        \"privileges\" : [ \"read\", \"write\" ]\n      }\n    ],\n    \"application\": [\n      {\n        \"application\": \"inventory_manager\",\n        \"privileges\" : [ \"read\", \"data:write/inventory\" ],\n        \"resources\" : [ \"product/1852563\" ]\n      }\n    ]\n  }\n}"'
Request example
Run `POST /_security/profile/_has_privileges` to check whether the two users associated with the specified profiles have all the requested set of cluster, index, and application privileges.
{
  "uids": [
    "u_LQPnxDxEjIH0GOUoFkZr5Y57YUwSkL9Joiq-g4OCbPc_0",
    "u_rzRnxDgEHIH0GOUoFkZr5Y27YUwSk19Joiq=g4OCxxB_1",
    "u_does-not-exist_0"
  ],
  "privileges": {
    "cluster": [ "monitor", "create_snapshot", "manage_ml" ],
    "index" : [
      {
        "names": [ "suppliers", "products" ],
        "privileges": [ "create_doc"]
      },
      {
        "names": [ "inventory" ],
        "privileges" : [ "read", "write" ]
      }
    ],
    "application": [
      {
        "application": "inventory_manager",
        "privileges" : [ "read", "data:write/inventory" ],
        "resources" : [ "product/1852563" ]
      }
    ]
  }
}
Response examples (200)
A response from `POST /_security/profile/_has_privileges` that indicates only one of the three users has all the privileges and one of them is not found.
{
  "has_privilege_uids": ["u_rzRnxDgEHIH0GOUoFkZr5Y27YUwSk19Joiq=g4OCxxB_1"],
  "errors": {
    "count": 1,
    "details": {
      "u_does-not-exist_0": {
        "type": "resource_not_found_exception",
        "reason": "profile document not found"
      }
    }
  }
}