POST /api/security/roles

Create or update multiple Kibana roles in a single request.

Headers

  • kbn-xsrf string Required

    A required header to protect against CSRF attacks.

Body (application/json)

  • roles object Required
    • * object

      The role definition to create or update.

      Additional properties are NOT allowed.

      • description string

        A description for the role.

        Maximum length is 2048.

      • elasticsearch object Required

        The Elasticsearch cluster, index, and remote cluster security privileges for the role.

        Additional properties are NOT allowed.

        • cluster array[string]

          Cluster privileges that define the cluster level actions that users can perform.

          Not more than 100 elements.

        • indices array[object]

          Not more than 1000 elements.

          The indices privileges entry.

          • allow_restricted_indices boolean

            Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field covers the restricted indices too.

          • field_security object
            • * array[string] Additional properties

              The document fields that the role members have read access to.

              Not more than 1000 elements.

          • names array[string] Required

            The data streams, indices, and aliases to which the permissions in this entry apply. It supports wildcards (*).

            At least 1 but not more than 100 elements.

          • privileges array[string] Required

            The index level privileges that the role members have for the data streams and indices.

            At least 1 but not more than 100 elements.

          • query string

            A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members.

        • remote_cluster array[object]

          Not more than 100 elements.

          The remote cluster privileges entry.

          • clusters array[string] Required

            A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions.

            At least 1 but not more than 100 elements.

          • privileges array[string] Required

            The cluster level privileges for the remote cluster. The allowed values are a subset of the cluster privileges.

            At least 1 but not more than 100 elements.

        • remote_indices array[object]

          Not more than 1000 elements.

          The remote indices privileges entry.

          • allow_restricted_indices boolean

            Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field will cover the restricted indices too.

          • clusters array[string] Required

            A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions.

            At least 1 but not more than 100 elements.

          • field_security object
            • * array[string] Additional properties

              The document fields that the role members have read access to.

              Not more than 1000 elements.

          • names array[string] Required

            A list of remote aliases, data streams, or indices to which the permissions apply. It supports wildcards (*).

            At least 1 but not more than 100 elements.

          • privileges array[string] Required

            The index level privileges that role members have for the specified indices.

            At least 1 but not more than 100 elements.

          • query string

            A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members.

        • run_as array[string]

          Usernames that members of this role can impersonate.

          Not more than 100 elements.

      • kibana array[object]
        The Kibana privilege entry for the role.

      • metadata object

Responses

  • 200 application/json

    Indicates a successful call.

    • created array[string]

      The names of the roles that were created.

    • errors object
      • * object Additional properties

        Error information for a single role in a bulk create-or-update request.

        Additional properties are NOT allowed.

        • reason string Required

          A human readable error reason.

        • type string Required

          The error type.

    • noop array[string]

      The names of the roles that were unchanged by the request.

    • updated array[string]

      The names of the roles that were updated.

POST /api/security/roles
curl \
 --request POST 'https://<KIBANA_URL>/api/security/roles' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --header "kbn-xsrf: true" \
 --data '{"roles":{"my_kibana_role":{"elasticsearch":{"cluster":["monitor"],"indices":[{"names":["logs-*"],"privileges":["read"]}]},"kibana":[{"base":["read"],"feature":{},"spaces":["default"]}]}}}'
Request example
{
  "roles": {
    "my_kibana_role": {
      "elasticsearch": {
        "cluster": [
          "monitor"
        ],
        "indices": [
          {
            "names": [
              "logs-*"
            ],
            "privileges": [
              "read"
            ]
          }
        ]
      },
      "kibana": [
        {
          "base": [
            "read"
          ],
          "feature": {},
          "spaces": [
            "default"
          ]
        }
      ]
    }
  }
}
Response examples (200)
{
  "created": [
    "my_kibana_role"
  ],
  "noop": [],
  "updated": []
}
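As an added example (not part of the Kibana documentation or its client code), a small Python helper that checks a role body against the constraints listed above before anything is sent, builds the request with the same headers as the curl example, and flattens the 200 response into one summary. The Kibana URL, the Authorization header value and the sample error entry are assumptions or constructed values.

```python
import json
from urllib import request

# Limits copied from the endpoint's documented body constraints.
MAX_CLUSTER_PRIVS = 100
MAX_INDEX_ENTRIES = 1000
MAX_PER_ENTRY = 100

def validate_role(name, role):
    """Return a list of problems with one role definition, checked against the
    documented constraints before anything is sent to Kibana."""
    problems = []
    es = role.get("elasticsearch")
    if not isinstance(es, dict):
        return [f"{name}: 'elasticsearch' is required"]
    if len(es.get("cluster", [])) > MAX_CLUSTER_PRIVS:
        problems.append(f"{name}: more than {MAX_CLUSTER_PRIVS} cluster privileges")
    entries = es.get("indices", [])
    if len(entries) > MAX_INDEX_ENTRIES:
        problems.append(f"{name}: more than {MAX_INDEX_ENTRIES} indices entries")
    for i, entry in enumerate(entries):
        for key in ("names", "privileges"):  # both required, 1..100 elements
            if not 1 <= len(entry.get(key, [])) <= MAX_PER_ENTRY:
                problems.append(f"{name}: indices[{i}].{key} needs 1..{MAX_PER_ENTRY} elements")
        if entry.get("allow_restricted_indices"):
            # Documented as strongly discouraged: surface it for review.
            problems.append(f"{name}: indices[{i}] grants access to restricted indices")
    return problems

def build_request(kibana_url, authorization, roles):
    """Build the bulk request the way the curl example does: a JSON body under
    'roles' plus the required kbn-xsrf header. authorization is the full header value."""
    body = json.dumps({"roles": roles}).encode()
    return request.Request(
        kibana_url.rstrip("/") + "/api/security/roles", data=body, method="POST",
        headers={"Authorization": authorization,
                 "Content-Type": "application/json",
                 "kbn-xsrf": "true"})

def summarize_response(body):
    """Flatten the 200 response (created/updated/noop/errors) into one dict,
    rendering each per-role error as 'type: reason'."""
    resp = json.loads(body) if isinstance(body, (str, bytes)) else body
    failed = {r: f"{e['type']}: {e['reason']}" for r, e in resp.get("errors", {}).items()}
    return {"created": resp.get("created", []), "updated": resp.get("updated", []),
            "noop": resp.get("noop", []), "failed": failed}
```

Send the request with `urllib.request.urlopen(build_request(...))` and pass the response body to `summarize_response`; any role listed under `failed` carries the per-role `type` and `reason` the endpoint returns.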