Create or update role API
editCreate or update role API
edit[preview] This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. Create a new Kibana role, or update the attributes of an existing role. Kibana roles are stored in the Elasticsearch native realm.
Request
editPUT <kibana host>:<port>/api/security/role/my_kibana_role
Prerequisite
editTo use the create or update role API, you must have the manage_security cluster privilege.
Request body
edit-
metadata -
(Optional, object) In the
metadataobject, keys that begin with_are reserved for system usage. -
elasticsearch -
(Optional, object) Elasticsearch cluster and index privileges. Valid keys include
cluster,indices, andrun_as. For more information, see Defining roles. -
kibana -
(list) Objects that specify the Kibana privileges for the role.
Properties of
kibana-
base -
(Optional, list) A base privilege. When specified, the base must be
["all"]or["read"]. When thebaseprivilege is specified, you are unable to use thefeaturesection. "all" grants read/write access to all Kibana features for the specified spaces. "read" grants read-only access to all Kibana features for the specified spaces. -
feature -
(object) Contains privileges for specific features.
When the
featureprivileges are specified, you are unable to use thebasesection. To retrieve a list of available features, use the features API. -
spaces -
(list) The spaces to apply the privileges to.
To grant access to all spaces, set to
["*"], or omit the value.
-
Query parameters
edit-
createOnly -
(Optional, boolean) When
true, will prevent overwriting the role if it already exists.
Response code
edit-
204 - Indicates a successful call.
- 409
-
When
createOnlyis true, indicates a conflict with an existing role.
Examples
editGrant access to various features in all spaces:
$ curl -X PUT api/security/role/my_kibana_role
{
"metadata" : {
"version" : 1
},
"elasticsearch": {
"cluster" : [ ],
"indices" : [ ]
},
"kibana": [
{
"base": [],
"feature": {
"discover": [
"all"
],
"visualize": [
"all"
],
"dashboard": [
"all"
],
"dev_tools": [
"read"
],
"advancedSettings": [
"read"
],
"indexPatterns": [
"read"
],
"graph": [
"all"
],
"apm": [
"read"
],
"maps": [
"read"
],
"canvas": [
"read"
],
"infrastructure": [
"all"
],
"logs": [
"all"
],
"uptime": [
"all"
]
},
"spaces": [
"*"
]
}
]
}
Grant dashboard-only access to only the Marketing space:
$ curl -X PUT api/security/role/my_kibana_role
{
"metadata" : {
"version" : 1
},
"elasticsearch": {
"cluster" : [ ],
"indices" : [ ]
},
"kibana": [
{
"base": [],
"feature": {
"dashboard": ["read"]
},
"spaces": [
"marketing"
]
}
]
}
Grant full access to all features in the Default space:
$ curl -X PUT api/security/role/my_kibana_role
{
"metadata" : {
"version" : 1
},
"elasticsearch": {
"cluster" : [ ],
"indices" : [ ]
},
"kibana": [
{
"base": ["all"],
"feature": {
},
"spaces": [
"default"
]
}
]
}
Grant different access to different spaces:
$ curl -X PUT api/security/role/my_kibana_role
{
"metadata" : {
"version" : 1
},
"elasticsearch": {
"cluster" : [ ],
"indices" : [ ]
},
"kibana": [
{
"base": [],
"feature": {
"discover": ["all"],
"dashboard": ["all"]
},
"spaces": [
"default"
]
},
{
"base": ["read"],
"spaces": [
"marketing",
"sales"
]
}
]
}
Grant access to Kibana and Elasticsearch:
$ curl -X PUT api/security/role/my_kibana_role
{
"metadata" : {
"version" : 1
},
"elasticsearch": {
"cluster" : [ "all" ],
"indices" : [ {
"names" : [ "index1", "index2" ],
"privileges" : [ "all" ],
"field_security" : {
"grant" : [ "title", "body" ]
},
"query" : "{\"match\": {\"title\": \"foo\"}}"
} ]
},
"kibana": [
{
"base": ["all"],
"feature": {
},
"spaces": [
"default"
]
}
]
}