IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Create or Update Role
editCreate or Update Role
editThis API is experimental and may be changed or removed completely in a future release. Although the underlying mechanism of enforcing role-based access control is stable, the APIs for managing the roles are currently experimental.
Creates a new Kibana role or updates the attributes of an existing role. Kibana roles are stored in the Elasticsearch native realm.
Authorization
editTo use this API, you must have at least the manage_security
cluster privilege.
Request
editTo create or update a role, issue a PUT request to the
/api/security/role/<rolename>
endpoint.
PUT /api/security/role/my_kibana_role
Request Body
editThe following parameters can be specified in the body of a PUT request to add or update a role:
-
metadata
-
(object) Optional meta-data. Within the
metadata
object, keys that begin with_
are reserved for system usage. -
elasticsearch
-
(object) Optional Elasticsearch cluster and index privileges, valid keys are
cluster
,indices
andrun_as
. For more information, see Defining roles. -
kibana
- (list) A list of objects that specify the Kibana privileges.
Example
editPUT /api/security/role/my_kibana_role { "metadata" : { "version" : 1 }, "elasticsearch": { "cluster" : [ "all" ], "indices" : [ { "names" : [ "index1", "index2" ], "privileges" : [ "all" ], "field_security" : { "grant" : [ "title", "body" ] }, "query" : "{\"match\": {\"title\": \"foo\"}}" } ] }, "kibana": [ { "privileges": [ "all" ] } ], }
Response
editA successful call returns a response code of 204
and no response body.