IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Create or update role API
editCreate or update role API
editCreates a new Kibana role, or updates the attributes of an existing role. Kibana roles are stored in the Elasticsearch native realm.
The underlying mechanism of enforcing role-based access control is stable, but the APIs for managing the roles are experimental.
Request
editPUT /api/security/role/my_kibana_role
Prerequisite
editTo use the create or update role API, you must have the manage_security cluster privilege.
Request body
edit-
metadata -
(Optional, object) In the
metadataobject, keys that begin with_are reserved for system usage. -
elasticsearch -
(Optional, object) Elasticsearch cluster and index privileges. Valid keys include
cluster,indices, andrun_as. For more information, see Defining roles. -
kibana -
(list) Objects that specify the Kibana privileges for the role:
-
base -
(Optional, list) A base privilege. When specified, the base must be
["all"]or["read"]. When thebaseprivilege is specified, you are unable to use thefeaturesection. "all" grants read/write access to all Kibana features for the specified spaces. "read" grants read-only access to all Kibana features for the specified spaces. -
feature -
(object) Contains privileges for specific features.
When the
featureprivileges are specified, you are unable to use thebasesection. To retrieve a list of available features, use the features API. -
spaces -
(list) The spaces to apply the privileges to.
To grant access to all spaces, set to
["*"], or omit the value.
-
Response code
edit-
204 - Indicates a successful call.
Examples
editGrant access to various features in all spaces:
PUT /api/security/role/my_kibana_role
{
"metadata" : {
"version" : 1
},
"elasticsearch": {
"cluster" : [ ],
"indices" : [ ]
},
"kibana": [
{
"base": [],
"feature": {
"discover": [
"all"
],
"visualize": [
"all"
],
"dashboard": [
"all"
],
"dev_tools": [
"read"
],
"advancedSettings": [
"read"
],
"indexPatterns": [
"read"
],
"timelion": [
"all"
],
"graph": [
"all"
],
"apm": [
"read"
],
"maps": [
"read"
],
"canvas": [
"read"
],
"infrastructure": [
"all"
],
"logs": [
"all"
],
"uptime": [
"all"
]
},
"spaces": [
"*"
]
}
]
}
Grant dashboard-only access to only the Marketing space:
PUT /api/security/role/my_kibana_role
{
"metadata" : {
"version" : 1
},
"elasticsearch": {
"cluster" : [ ],
"indices" : [ ]
},
"kibana": [
{
"base": [],
"feature": {
"dashboard": ["read"]
},
"spaces": [
"marketing"
]
}
]
}
Grant full access to all features in the Default space:
PUT /api/security/role/my_kibana_role
{
"metadata" : {
"version" : 1
},
"elasticsearch": {
"cluster" : [ ],
"indices" : [ ]
},
"kibana": [
{
"base": ["all"],
"feature": {
},
"spaces": [
"default"
]
}
]
}
Grant different access to different spaces:
PUT /api/security/role/my_kibana_role
{
"metadata" : {
"version" : 1
},
"elasticsearch": {
"cluster" : [ ],
"indices" : [ ]
},
"kibana": [
{
"base": [],
"feature": {
"discover": ["all"],
"dashboard": ["all"]
},
"spaces": [
"default"
]
},
{
"base": ["read"],
"spaces": [
"marketing",
"sales"
]
}
]
}
Grant access to Kibana and Elasticsearch:
PUT /api/security/role/my_kibana_role
{
"metadata" : {
"version" : 1
},
"elasticsearch": {
"cluster" : [ "all" ],
"indices" : [ {
"names" : [ "index1", "index2" ],
"privileges" : [ "all" ],
"field_security" : {
"grant" : [ "title", "body" ]
},
"query" : "{\"match\": {\"title\": \"foo\"}}"
} ]
},
"kibana": [
{
"base": ["all"],
"feature": {
},
"spaces": [
"default"
]
}
]
}