IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Create or update role API
edit
IMPORTANT: This documentation is no longer updated. Refer to Elastic's version policy and the latest documentation.
Create or update role API
editCreates a new Kibana role, or updates the attributes of an existing role. Kibana roles are stored in the Elasticsearch native realm.
The underlying mechanism of enforcing role-based access control is stable, but the APIs for managing the roles are experimental.
Request
editPUT /api/security/role/my_kibana_role
Prerequisite
editTo use the create or update role API, you must have the manage_security cluster privilege.
Request body
edit-
metadata -
(Optional, object) In the
metadataobject, keys that begin with_are reserved for system usage. -
elasticsearch -
(Optional, object) Elasticsearch cluster and index privileges. Valid keys include
cluster,indices, andrun_as. For more information, see Defining roles. -
kibana -
(list) Objects that specify the Kibana privileges for the role:
-
base -
(Optional, list) A base privilege. When specified, the base must be
["all"]or["read"]. When thebaseprivilege is specified, you are unable to use thefeaturesection. "all" grants read/write access to all Kibana features for the specified spaces. "read" grants read-only access to all Kibana features for the specified spaces. -
feature -
(object) Contains privileges for specific features.
When the
featureprivileges are specified, you are unable to use thebasesection. To retrieve a list of available features, use the features API. -
spaces -
(list) The spaces to apply the privileges to.
To grant access to all spaces, set to
["*"], or omit the value.
-
Response code
edit-
204 - Indicates a successful call.
Examples
editGrant access to various features in all spaces:
PUT /api/security/role/my_kibana_role
{
"metadata" : {
"version" : 1
},
"elasticsearch": {
"cluster" : [ ],
"indices" : [ ]
},
"kibana": [
{
"base": [],
"feature": {
"discover": [
"all"
],
"visualize": [
"all"
],
"dashboard": [
"all"
],
"dev_tools": [
"read"
],
"advancedSettings": [
"read"
],
"indexPatterns": [
"read"
],
"timelion": [
"all"
],
"graph": [
"all"
],
"apm": [
"read"
],
"maps": [
"read"
],
"canvas": [
"read"
],
"infrastructure": [
"all"
],
"logs": [
"all"
],
"uptime": [
"all"
]
},
"spaces": [
"*"
]
}
]
}
Grant dashboard-only access to only the Marketing space:
PUT /api/security/role/my_kibana_role
{
"metadata" : {
"version" : 1
},
"elasticsearch": {
"cluster" : [ ],
"indices" : [ ]
},
"kibana": [
{
"base": [],
"feature": {
"dashboard": ["read"]
},
"spaces": [
"marketing"
]
}
]
}
Grant full access to all features in the Default space:
PUT /api/security/role/my_kibana_role
{
"metadata" : {
"version" : 1
},
"elasticsearch": {
"cluster" : [ ],
"indices" : [ ]
},
"kibana": [
{
"base": ["all"],
"feature": {
},
"spaces": [
"default"
]
}
]
}
Grant different access to different spaces:
PUT /api/security/role/my_kibana_role
{
"metadata" : {
"version" : 1
},
"elasticsearch": {
"cluster" : [ ],
"indices" : [ ]
},
"kibana": [
{
"base": [],
"feature": {
"discover": ["all"],
"dashboard": ["all"]
},
"spaces": [
"default"
]
},
{
"base": ["read"],
"spaces": [
"marketing",
"sales"
]
}
]
}
Grant access to Kibana and Elasticsearch:
PUT /api/security/role/my_kibana_role
{
"metadata" : {
"version" : 1
},
"elasticsearch": {
"cluster" : [ "all" ],
"indices" : [ {
"names" : [ "index1", "index2" ],
"privileges" : [ "all" ],
"field_security" : {
"grant" : [ "title", "body" ]
},
"query" : "{\"match\": {\"title\": \"foo\"}}"
} ]
},
"kibana": [
{
"base": ["all"],
"feature": {
},
"spaces": [
"default"
]
}
]
}