Create or update role API

edit

Creates a new Kibana role, or updates the attributes of an existing role. Kibana roles are stored in the Elasticsearch native realm.

The underlying mechanism of enforcing role-based access control is stable, but the APIs for managing the roles are experimental.

Request

edit

PUT /api/security/role/my_kibana_role

Prerequisite

edit

To use the create or update role API, you must have the manage_security cluster privilege.

Request body

edit
metadata
(Optional, object) In the metadata object, keys that begin with _ are reserved for system usage.
elasticsearch
(Optional, object) Elasticsearch cluster and index privileges. Valid keys include cluster, indices, and run_as. For more information, see Defining roles.
kibana

(list) Objects that specify the Kibana privileges for the role:

base
(Optional, list) A base privilege. When specified, the base must be ["all"] or ["read"]. When the base privilege is specified, you are unable to use the feature section. "all" grants read/write access to all Kibana features for the specified spaces. "read" grants read-only access to all Kibana features for the specified spaces.
feature
(object) Contains privileges for specific features. When the feature privileges are specified, you are unable to use the base section. To retrieve a list of available features, use the features API.
spaces
(list) The spaces to apply the privileges to. To grant access to all spaces, set to ["*"], or omit the value.

Response code

edit
204
Indicates a successful call.

Examples

edit

Grant access to various features in all spaces:

PUT /api/security/role/my_kibana_role
{
  "metadata" : {
    "version" : 1
  },
  "elasticsearch": {
    "cluster" : [ ],
    "indices" : [ ]
  },
  "kibana": [
    {
      "base": [],
      "feature": {
       "discover": [
          "all"
        ],
        "visualize": [
          "all"
        ],
        "dashboard": [
          "all"
        ],
        "dev_tools": [
          "read"
        ],
        "advancedSettings": [
          "read"
        ],
        "indexPatterns": [
          "read"
        ],
        "timelion": [
          "all"
        ],
        "graph": [
          "all"
        ],
        "apm": [
          "read"
        ],
        "maps": [
          "read"
        ],
        "canvas": [
          "read"
        ],
        "infrastructure": [
          "all"
        ],
        "logs": [
          "all"
        ],
        "uptime": [
          "all"
        ]
      },
      "spaces": [
        "*"
      ]
    }
  ]
}

Grant dashboard-only access to only the Marketing space:

PUT /api/security/role/my_kibana_role
{
  "metadata" : {
    "version" : 1
  },
  "elasticsearch": {
    "cluster" : [ ],
    "indices" : [ ]
  },
  "kibana": [
    {
      "base": [],
      "feature": {
        "dashboard": ["read"]
      },
      "spaces": [
        "marketing"
      ]
    }
  ]
}

Grant full access to all features in the Default space:

PUT /api/security/role/my_kibana_role
{
  "metadata" : {
    "version" : 1
  },
  "elasticsearch": {
    "cluster" : [ ],
    "indices" : [ ]
  },
  "kibana": [
    {
      "base": ["all"],
      "feature": {
      },
      "spaces": [
        "default"
      ]
    }
  ]
}

Grant different access to different spaces:

PUT /api/security/role/my_kibana_role
{
  "metadata" : {
    "version" : 1
  },
  "elasticsearch": {
    "cluster" : [ ],
    "indices" : [ ]
  },
  "kibana": [
    {
      "base": [],
      "feature": {
        "discover": ["all"],
        "dashboard": ["all"]
      },
      "spaces": [
        "default"
      ]
    },
    {
      "base": ["read"],
      "spaces": [
        "marketing",
        "sales"
      ]
    }
  ]
}

Grant access to Kibana and Elasticsearch:

PUT /api/security/role/my_kibana_role
{
  "metadata" : {
    "version" : 1
  },
  "elasticsearch": {
    "cluster" : [ "all" ],
    "indices" : [ {
      "names" : [ "index1", "index2" ],
      "privileges" : [ "all" ],
      "field_security" : {
        "grant" : [ "title", "body" ]
      },
      "query" : "{\"match\": {\"title\": \"foo\"}}"
    } ]
  },
  "kibana": [
    {
      "base": ["all"],
      "feature": {
      },
      "spaces": [
        "default"
      ]
    }
  ]
}