Privileges endpointedit

Retrieves whether or not the user is authenticated, and the user’s Kibana space and index privileges, which determine if the user can create an index (.siem-signals-*) for the Elastic Security alerts generated by detection engine rules.

For information about the permissions and privileges required to create .siem-signals-<Kibana-space> indices, see Enable and access detections.

Console supports only Elasticsearch APIs. Console doesn’t allow interactions with Kibana APIs. You must use curl or another HTTP tool instead. For more information, refer to Run Elasticsearch API requests.

Get privilegesedit

Returns user privileges for the Kibana space.

Request URLedit

GET <kibana host>:<port>/api/detection_engine/privileges

Example requestsedit

Gets user privileges for the Kibana default space:

GET api/detection_engine/privileges

Gets user privileges for the Kibana siem space:

GET s/siem/api/detection_engine/privileges

Response codeedit

200
Indicates a successful call.
Example responseedit
{
  "username": "detection-engine-admin",
  "has_all_requested": false,
  "cluster": {
    "monitor_ml": true,
    "manage_ccr": false,
    "manage_index_templates": true,
    "monitor_watcher": true,
    "monitor_transform": true,
    "read_ilm": true,
    "manage_api_key": false,
    "manage_security": false,
    "manage_own_api_key": false,
    "manage_saml": false,
    "all": false,
    "manage_ilm": true,
    "manage_ingest_pipelines": true,
    "read_ccr": false,
    "manage_rollup": true,
    "monitor": true,
    "manage_watcher": true,
    "manage": true,
    "manage_transform": true,
    "manage_token": false,
    "manage_ml": true,
    "manage_pipeline": true,
    "monitor_rollup": true,
    "transport_client": true,
    "create_snapshot": true
  },
  "index": {
    ".siem-signals-detection-engine": {
      "all": false,
      "manage_ilm": true,
      "read": false,
      "create_index": true,
      "read_cross_cluster": false,
      "index": false,
      "monitor": true,
      "delete": false,
      "manage": true,
      "delete_index": true,
      "create_doc": false,
      "view_index_metadata": true,
      "create": false,
      "manage_follow_index": true,
      "manage_leader_index": true,
      "write": false
    }
  },
  "application": {}
  "is_authenticated": true 
  "has_encryption_key": true 
}

Indicates whether the user can log in to the Elasticsearch deployment.

Indicates whether the xpack.encryptedSavedObjects.encryptionKey is set.