GET /api/security/role

Retrieve all Kibana roles.

Query parameters

  • replaceDeprecatedPrivileges boolean

    If true and the response contains any privileges that are associated with deprecated features, they are omitted in favor of details about the appropriate replacement feature privileges.

Responses

  • 200 application/json

    Indicates a successful call.

    • _transform_error array[object]

      Diagnostic information about a role whose Kibana privileges could not be transformed.

      • reason string Required

        The reason the role could not be fully transformed.

      • state array[object]

        A raw Elasticsearch application privilege entry tied to Kibana.

        • application string Required
        • privileges array[string] Required
        • resources array[string] Required
    • _unrecognized_applications array[string]

      Application names found on the role that are not recognized by Kibana.

    • description string

      A description for the role.

    • elasticsearch object Required

      The Elasticsearch cluster, index, and remote cluster security privileges for the role.

      Additional properties are NOT allowed.

      • cluster array[string]

        Cluster privileges that define the cluster level actions that users can perform.

        Not more than 100 elements.

      • indices array[object]

        Not more than 1000 elements.

        The indices privileges entry.

        • allow_restricted_indices boolean

          Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field covers the restricted indices too.

        • field_security object
          • * array[string] Additional properties

            The document fields that the role members have read access to.

            Not more than 1000 elements.

        • names array[string] Required

          The data streams, indices, and aliases to which the permissions in this entry apply. It supports wildcards (*).

          At least 1 but not more than 100 elements.

        • privileges array[string] Required

          The index level privileges that the role members have for the data streams and indices.

          At least 1 but not more than 100 elements.

        • query string

          A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members.

      • remote_cluster array[object]

        Not more than 100 elements.

        The remote cluster privileges entry.

        • clusters array[string] Required

          A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions.

          At least 1 but not more than 100 elements.

        • privileges array[string] Required

          The cluster level privileges for the remote cluster. The allowed values are a subset of the cluster privileges.

          At least 1 but not more than 100 elements.

      • remote_indices array[object]

        Not more than 1000 elements.

        The remote indices privileges entry.

        • allow_restricted_indices boolean

          Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field will cover the restricted indices too.

        • clusters array[string] Required

          A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions.

          At least 1 but not more than 100 elements.

        • field_security object
          • * array[string] Additional properties

            The document fields that the role members have read access to.

            Not more than 1000 elements.

        • names array[string] Required

          A list of remote aliases, data streams, or indices to which the permissions apply. It supports wildcards (*).

          At least 1 but not more than 100 elements.

        • privileges array[string] Required

          The index level privileges that role members have for the specified indices.

          At least 1 but not more than 100 elements.

        • query string

          A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members.

      • run_as array[string]

        A username that members of this role can impersonate.

        Not more than 100 elements.

    • kibana array[object] Required

      A Kibana privilege entry returned for a role.

      • _reserved array[string]

        A reserved Kibana privilege granted globally.

      • base array[string] Required

        A base Kibana privilege.

      • feature object Required
        • * array[string] Additional properties

          A privilege the role member has for the feature.

      • spaces array[string] Required

        A space that the privilege applies to. The wildcard * indicates all spaces.

    • metadata object
    • name string Required

      The role name.

    • transient_metadata object

GET /api/security/role

curl \
 --request GET 'https://<KIBANA_URL>/api/security/role' \
 --header "Authorization: $API_KEY"

Response examples (200)

[
  {
    "_unrecognized_applications": [],
    "description": "My custom Kibana role.",
    "elasticsearch": {
      "cluster": [
        "monitor"
      ],
      "indices": [
        {
          "names": [
            "logs-*"
          ],
          "privileges": [
            "read"
          ]
        }
      ],
      "run_as": []
    },
    "kibana": [
      {
        "base": [
          "read"
        ],
        "feature": {},
        "spaces": [
          "default"
        ]
      }
    ],
    "metadata": {},
    "name": "my_kibana_role",
    "transient_metadata": {
      "enabled": true
    }
  }
]
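
Added example, not from the Kibana documentation: a Python review of the role list this endpoint returns, flagging the documented fields that most widen access (run_as, allow_restricted_indices, a bare * in names with no query or field_security, base "all" across every space) together with _transform_error and _unrecognized_applications. The sample roles, the role name example_broad_role and the function names are constructed for illustration.

```python
import json

# Constructed sample in the shape of the 200 response above (not real data).
SAMPLE = json.loads("""
[
  {"name": "my_kibana_role",
   "elasticsearch": {"cluster": ["monitor"],
                     "indices": [{"names": ["logs-*"], "privileges": ["read"]}],
                     "run_as": []},
   "kibana": [{"base": ["read"], "feature": {}, "spaces": ["default"]}]},
  {"name": "example_broad_role",
   "_unrecognized_applications": ["example-app"],
   "elasticsearch": {"cluster": ["monitor"],
                     "indices": [{"names": ["*"], "privileges": ["all"],
                                  "allow_restricted_indices": true}],
                     "run_as": ["example_user"]},
   "kibana": [{"base": ["all"], "feature": {}, "spaces": ["*"]}]}
]
""")


def audit_role(role):
    """Return a list of review findings for one role object."""
    findings = []
    es = role.get("elasticsearch", {})
    if role.get("_transform_error"):
        findings.append("kibana privileges could not be transformed")
    if role.get("_unrecognized_applications"):
        findings.append("unrecognized application names on role")
    if es.get("run_as"):
        findings.append("can impersonate: " + ", ".join(es["run_as"]))
    for key in ("indices", "remote_indices"):
        for entry in es.get(key, []):
            if entry.get("allow_restricted_indices"):
                findings.append(key + ": allow_restricted_indices is true")
            unscoped = not entry.get("query") and not entry.get("field_security")
            if "*" in entry.get("names", []) and unscoped:
                findings.append(key + ": all names, no query or field_security")
    for entry in role.get("kibana", []):
        if "*" in entry.get("spaces", []) and "all" in entry.get("base", []):
            findings.append("kibana: base 'all' in every space")
    return findings


def audit(roles):
    """Map role name -> findings, keeping only roles with at least one."""
    report = {r["name"]: audit_role(r) for r in roles}
    return {name: f for name, f in report.items() if f}
```

Pass the parsed JSON body of the GET /api/security/role response to audit(); roles with no findings are omitted from the result.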