Get roles APIedit

Retrieves roles in the native realm.


GET /_security/role

GET /_security/role/<name>


  • To use this API, you must have at least the read_security cluster privilege.


The role management APIs are generally the preferred way to manage roles, rather than using file-based role management. The get roles API cannot retrieve roles that are defined in roles files.

Path parametersedit

(Optional, string) The name of the role. You can specify multiple roles as a comma-separated list. If you do not specify this parameter, the API returns information about all roles.

Response bodyedit

A successful call returns an array of roles with the JSON representation of the role.

Response codesedit

If the role is not defined in the native realm, the request returns 404.


The following example retrieves information about the my_admin_role role in the native realm:

GET /_security/role/my_admin_role
  "my_admin_role": {
    "cluster" : [ "all" ],
    "indices" : [
        "names" : [ "index1", "index2" ],
        "privileges" : [ "all" ],
        "allow_restricted_indices" : false,
        "field_security" : {
          "grant" : [ "title", "body" ]}
    "applications" : [ ],
    "run_as" : [ "other_user" ],
    "metadata" : {
      "version" : 1
    "transient_metadata": {
      "enabled": true

To retrieve all roles, omit the role name:

GET /_security/role