Get user privileges | Elasticsearch API documentation (8x-unreleased)

Get user privileges Generally available; Added in 6.5.0

GET /_security/user/_privileges

Get the security privileges for the logged in user. All users can use this API, but only to determine their own privileges. To check the privileges of other users, you must use the run as feature. To check whether a user has a specific list of privileges, use the has privileges API.

Query parameters

application string

The name of the application. Application privileges are always associated with exactly one application. If you do not specify this parameter, the API returns information about all privileges for all applications.
priviledge string

The name of the privilege. If you do not specify this parameter, the API returns information about all privileges for the requested application.
username string | null

Responses

200 application/json
Hide response attributes Show response attributes object
- applications array[object] Required
  
  Hide applications attributes Show applications attributes object
  
  application string Required
  
  The name of the application to which this entry applies.
  
  privileges array[string] Required
  
  A list of strings, where each element is the name of an application privilege or action.
  
  resources array[string] Required
  
  A list resources to which the privileges are applied.
- cluster array[string] Required
- remote_cluster array[object]
  
  Hide remote_cluster attributes Show remote_cluster attributes object
  
  clusters string | array[string] Required
  
  privileges array[string] Required
  
  The cluster level privileges that owners of the role have on the remote cluster.
  
  Values are monitor_enrich or monitor_stats.
- global array[object] Required
  
  Hide global attribute Show global attribute object
  
  application object Required
  
  Hide application attribute Show application attribute object
  
  manage object Required
  
  Hide manage attribute Show manage attribute object
  
  applications array[string] Required
- indices array[object] Required
  
  Hide indices attributes Show indices attributes object
  
  field_security array[object]
  
  The document fields that the owners of the role have read access to.
  
  External documentation
  
  Hide field_security attributes Show field_security attributes object
  
  except string | array[string]
  
  grant string | array[string]
  
  names string | array[string]
  
  A list of indices (or index name patterns) to which the permissions in this entry apply.
  
  One of:
  IndexName string array-2 array[string]
  
  privileges array[string] Required
  
  The index level privileges that owners of the role have on the specified indices.
  
  query array[string | object]
  
  Search queries that define the documents the user has access to. A document within the specified indices must match these queries for it to be accessible by the owners of the role.
  
  While creating or updating a role you can provide either a JSON structure or a string to the API. However, the response provided by Elasticsearch will only be string with a json-as-text content.
  
  Since this is embedded in IndicesPrivileges, the same structure is used for clarity in both contexts.
  
  While creating or updating a role you can provide either a JSON structure or a string to the API. However, the response provided by Elasticsearch will only be string with a json-as-text content.
  
  Since this is embedded in IndicesPrivileges, the same structure is used for clarity in both contexts.
  
  One of:
  IndicesPrivilegesQuery string QueryContainer object RoleTemplateQuery object
  
  An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
  
  External documentation
  
  Hide attributes Show attributes
  
  bool
  
  boosting
  
  common object Deprecated
  
  combined_fields
  
  constant_score
  
  dis_max
  
  distance_feature
  
  exists
  
  function_score
  
  fuzzy object
  
  Returns documents that contain terms similar to the search term, as measured by a Levenshtein edit distance.
  
  geo_bounding_box
  
  geo_distance
  
  geo_grid object
  
  Matches geo_point and geo_shape values that intersect a grid cell from a GeoGrid aggregation.
  
  geo_polygon
  
  geo_shape
  
  has_child
  
  has_parent
  
  ids
  
  intervals object
  
  Returns documents based on the order and proximity of matching terms.
  
  knn
  
  match object
  
  Returns documents that match a provided text, number, date or boolean value. The provided text is analyzed before matching.
  
  match_all
  
  match_bool_prefix object
  
  Analyzes its input and constructs a bool query from the terms. Each term except the last is used in a term query. The last term is used in a prefix query.
  
  match_none
  
  match_phrase object
  
  Analyzes the text and creates a phrase query out of the analyzed text.
  
  match_phrase_prefix object
  
  Returns documents that contain the words of a provided text, in the same order as provided. The last term of the provided text is treated as a prefix, matching any words that begin with that term.
  
  more_like_this
  
  multi_match
  
  nested
  
  parent_id
  
  percolate
  
  pinned
  
  prefix object
  
  Returns documents that contain a specific prefix in a provided field.
  
  query_string
  
  range object
  
  Returns documents that contain terms within a provided range.
  
  rank_feature
  
  regexp object
  
  Returns documents that contain terms matching a regular expression.
  
  rule
  
  script
  
  script_score
  
  semantic
  
  shape
  
  simple_query_string
  
  span_containing
  
  span_field_masking
  
  span_first
  
  span_multi
  
  span_near
  
  span_not
  
  span_or
  
  span_term object
  
  Matches spans containing a term.
  
  span_within
  
  sparse_vector
  
  term object
  
  Returns documents that contain an exact term in a provided field. To return a document, the query term must exactly match the queried field's value, including whitespace and capitalization.
  
  terms
  
  terms_set object
  
  Returns documents that contain a minimum number of exact terms in a provided field. To return a document, a required number of terms must exactly match the field values, including whitespace and capitalization.
  
  text_expansion object Deprecated Generally available; Added in 8.8.0
  
  Uses a natural language processing model to convert the query text into a list of token-weight pairs which are then used in a query against a sparse vector or rank features field.
  
  weighted_tokens object Deprecated Generally available; Added in 8.13.0
  
  Supports returning text_expansion query results by sending in precomputed tokens with the query.
  
  wildcard object
  
  Returns documents that contain terms matching a wildcard pattern.
  
  wrapper
  
  type
  
  allow_restricted_indices boolean Required
  
  Set to true if using wildcard or regular expressions for patterns that cover restricted indices. Implicitly, restricted indices have limited privileges that can cause pattern tests to fail. If restricted indices are explicitly included in the names list, Elasticsearch checks privileges against these indices regardless of the value set for allow_restricted_indices.
- remote_indices array[object]
  
  Hide remote_indices attributes Show remote_indices attributes object
  
  field_security array[object]
  
  The document fields that the owners of the role have read access to.
  
  External documentation
  
  Hide field_security attributes Show field_security attributes object
  
  except string | array[string]
  
  grant string | array[string]
  
  names string | array[string]
  
  A list of indices (or index name patterns) to which the permissions in this entry apply.
  
  One of:
  IndexName string array-2 array[string]
  
  privileges array[string] Required
  
  The index level privileges that owners of the role have on the specified indices.
  
  query array[string | object]
  
  Search queries that define the documents the user has access to. A document within the specified indices must match these queries for it to be accessible by the owners of the role.
  
  While creating or updating a role you can provide either a JSON structure or a string to the API. However, the response provided by Elasticsearch will only be string with a json-as-text content.
  
  Since this is embedded in IndicesPrivileges, the same structure is used for clarity in both contexts.
  
  While creating or updating a role you can provide either a JSON structure or a string to the API. However, the response provided by Elasticsearch will only be string with a json-as-text content.
  
  Since this is embedded in IndicesPrivileges, the same structure is used for clarity in both contexts.
  
  One of:
  IndicesPrivilegesQuery string QueryContainer object RoleTemplateQuery object
  
  An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
  
  External documentation
  
  Hide attributes Show attributes
  
  bool
  
  boosting
  
  common object Deprecated
  
  combined_fields
  
  constant_score
  
  dis_max
  
  distance_feature
  
  exists
  
  function_score
  
  fuzzy object
  
  Returns documents that contain terms similar to the search term, as measured by a Levenshtein edit distance.
  
  geo_bounding_box
  
  geo_distance
  
  geo_grid object
  
  Matches geo_point and geo_shape values that intersect a grid cell from a GeoGrid aggregation.
  
  geo_polygon
  
  geo_shape
  
  has_child
  
  has_parent
  
  ids
  
  intervals object
  
  Returns documents based on the order and proximity of matching terms.
  
  knn
  
  match object
  
  Returns documents that match a provided text, number, date or boolean value. The provided text is analyzed before matching.
  
  match_all
  
  match_bool_prefix object
  
  Analyzes its input and constructs a bool query from the terms. Each term except the last is used in a term query. The last term is used in a prefix query.
  
  match_none
  
  match_phrase object
  
  Analyzes the text and creates a phrase query out of the analyzed text.
  
  match_phrase_prefix object
  
  Returns documents that contain the words of a provided text, in the same order as provided. The last term of the provided text is treated as a prefix, matching any words that begin with that term.
  
  more_like_this
  
  multi_match
  
  nested
  
  parent_id
  
  percolate
  
  pinned
  
  prefix object
  
  Returns documents that contain a specific prefix in a provided field.
  
  query_string
  
  range object
  
  Returns documents that contain terms within a provided range.
  
  rank_feature
  
  regexp object
  
  Returns documents that contain terms matching a regular expression.
  
  rule
  
  script
  
  script_score
  
  semantic
  
  shape
  
  simple_query_string
  
  span_containing
  
  span_field_masking
  
  span_first
  
  span_multi
  
  span_near
  
  span_not
  
  span_or
  
  span_term object
  
  Matches spans containing a term.
  
  span_within
  
  sparse_vector
  
  term object
  
  Returns documents that contain an exact term in a provided field. To return a document, the query term must exactly match the queried field's value, including whitespace and capitalization.
  
  terms
  
  terms_set object
  
  Returns documents that contain a minimum number of exact terms in a provided field. To return a document, a required number of terms must exactly match the field values, including whitespace and capitalization.
  
  text_expansion object Deprecated Generally available; Added in 8.8.0
  
  Uses a natural language processing model to convert the query text into a list of token-weight pairs which are then used in a query against a sparse vector or rank features field.
  
  weighted_tokens object Deprecated Generally available; Added in 8.13.0
  
  Supports returning text_expansion query results by sending in precomputed tokens with the query.
  
  wildcard object
  
  Returns documents that contain terms matching a wildcard pattern.
  
  wrapper
  
  type
  
  allow_restricted_indices boolean Required
  
  Set to true if using wildcard or regular expressions for patterns that cover restricted indices. Implicitly, restricted indices have limited privileges that can cause pattern tests to fail. If restricted indices are explicitly included in the names list, Elasticsearch checks privileges against these indices regardless of the value set for allow_restricted_indices.
  
  clusters array[string] Required
- run_as array[string] Required

GET /_security/user/_privileges

GET /_security/user/_privileges

curl \
 --request GET 'http://api.example.com/_security/user/_privileges'

Response examples (200)

A successful response from `GET /_security/user/_privileges`.

{
  "cluster" : [
    "all"
  ],
  "global" : [ ],
  "indices" : [
    {
      "names" : [
        "*"
      ],
      "privileges" : [
        "all"
      ],
      "allow_restricted_indices" : true
    }
  ],
  "applications" : [
    {
      "application" : "*",
      "privileges" : [
        "*"
      ],
      "resources" : [
        "*"
      ]
    }
  ],
  "run_as" : [
    "*"
  ]
}

Documentation preview

This is a preview of your version @2025-06-09 which is not yet released.

View current documentation

Get user privileges Generally available; Added in 6.5.0

Query parameters

Responses

names string | array[string]

names string | array[string]

Documentation preview