Create or update role API
editCreate or update role API
edit[preview] This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. Create a new Kibana role, or update the attributes of an existing role. Kibana roles are stored in the Elasticsearch native realm.
Request
editPUT <kibana host>:<port>/api/security/role/my_kibana_role
Prerequisite
editTo use the create or update role API, you must have the manage_security cluster privilege.
Request body
edit-
metadata -
(Optional, object) In the
metadataobject, keys that begin with_are reserved for system usage. -
elasticsearch -
(Optional, object) Elasticsearch cluster and index privileges. Valid keys include
cluster,indices,remote_indices, andrun_as. For more information, see Defining roles. -
kibana -
(list) Objects that specify the Kibana privileges for the role.
Properties of
kibana-
base -
(Optional, list) A base privilege. When specified, the base must be
["all"]or["read"]. When thebaseprivilege is specified, you are unable to use thefeaturesection. "all" grants read/write access to all Kibana features for the specified spaces. "read" grants read-only access to all Kibana features for the specified spaces. -
feature -
(object) Contains privileges for specific features.
When the
featureprivileges are specified, you are unable to use thebasesection. To retrieve a list of available features, use the features API. -
spaces -
(list) The spaces to apply the privileges to.
To grant access to all spaces, set to
["*"], or omit the value.
-
Query parameters
edit-
createOnly -
(Optional, boolean) When
true, will prevent overwriting the role if it already exists.
Response code
edit-
204 - Indicates a successful call.
-
409 -
When
createOnlyis true, indicates a conflict with an existing role.
Examples
editGrant access to various features in all spaces:
$ curl -X PUT api/security/role/my_kibana_role
{
"metadata": {
"version": 1
},
"elasticsearch": {
"cluster": [ ],
"indices": [ ]
},
"kibana": [
{
"base": [ ],
"feature": {
"discover": [ "all" ],
"visualize": [ "all" ],
"dashboard": [ "all" ],
"dev_tools": [ "read" ],
"advancedSettings": [ "read" ],
"indexPatterns": [ "read" ],
"graph": [ "all" ],
"apm": [ "read" ],
"maps": [ "read" ],
"canvas": [ "read" ],
"infrastructure": [ "all" ],
"logs": [ "all" ],
"uptime": [ "all" ]
},
"spaces": [ "*" ]
}
]
}
Grant dashboard-only access to only the Marketing space:
$ curl -X PUT api/security/role/my_kibana_role
{
"metadata": {
"version": 1
},
"elasticsearch": {
"cluster": [ ],
"indices": [ ]
},
"kibana": [
{
"base": [ ],
"feature": {
"dashboard": [ "read" ]
},
"spaces": [ "marketing" ]
}
]
}
Grant full access to all features in the Default space:
$ curl -X PUT api/security/role/my_kibana_role
{
"metadata": {
"version": 1
},
"elasticsearch": {
"cluster": [ ],
"indices": [ ]
},
"kibana": [
{
"base": [ "all" ],
"feature": { },
"spaces": [ "default" ]
}
]
}
Grant different access to different spaces:
$ curl -X PUT api/security/role/my_kibana_role
{
"metadata": {
"version": 1
},
"elasticsearch": {
"cluster": [ ],
"indices": [ ]
},
"kibana": [
{
"base": [ ],
"feature": {
"discover": [ "all" ],
"dashboard": [ "all" ]
},
"spaces": [ "default" ]
},
{
"base": [ "read"] ,
"spaces": [ "marketing", "sales" ]
}
]
}
Grant access to Kibana and Elasticsearch:
$ curl -X PUT api/security/role/my_kibana_role
{
"metadata": {
"version": 1
},
"elasticsearch": {
"cluster": [ "all" ],
"indices": [
{
"names": [ "index1", "index2" ],
"privileges": [ "all" ]
}
],
"remote_indices": [
{
"clusters": [ "remote_cluster1" ],
"names": [ "remote_index1", "remote_index2" ],
"privileges": [ "all" ]
}
]
},
"kibana": [
{
"base": [ "all" ],
"feature": { },
"spaces": [ "default" ]
}
]
}