Privilege APIs

The has_privileges API allows you to determine whether the logged in user has a specified list of privileges.

All users can use this API, but only to determine their own privileges. To check the privileges of other users, you must use the run as feature. For more information, see Submitting Requests on Behalf of Other Users.

To check you privileges, submit a GET request to the _xpack/security/user/_has_privileges endpoint:

GET _xpack/security/user/_has_privileges
{
  "cluster": [ "monitor", "manage" ],
  "index" : [
    {
      "names": [ "suppliers", "products" ],
      "privileges": [ "read" ]
    },
    {
      "names": [ "inventory" ],
      "privileges" : [ "read", "write" ]
    }
  ]
}

A successful call returns a JSON structure that shows whether each specified privilege is assigned to the user

{
  "username": "rdeniro",
  "has_all_requested" : false,
  "cluster" : {
    "monitor" : true,
    "manage" : false
  },
  "index" : {
    "suppliers" : {
      "read" : true
    },
    "products" : {
      "read" : true
    },
    "inventory" : {
      "read" : true,
      "write" : false
    }
  }
}