add876281b
* Beginning to work on the role management APIs. Added docs for GET
* Adding PUT docs
* Adding PUT details
* Adding delete docs
* Fixing linking
* Adding Kibana privileges section
* Fixing dashboard only mode docs
* Fixing a few more references to managing roles
* Beginning to work on authorization docs, might be moving some to
stack-docs
* Collapsing authorization description in the kibana privileges page
* Adding audit logging section
* Revising the language on the Kibana role management section
* Splitting back out the auth/privileges and adding legacy fallback
details
* Revising language around impact of disabling security
* Changing Kibana to {kib} and Elasticsearch to {es}
* Beginning to work on developer centric docs
* Fixing some formatting, adding some diagrams
* Adding note about the role management APIs
* Adding overview, fixing small syntax issues
* Fixing chunk name for transitioning to application privileges
* Adjusting tone for the authorization introduction
* Changing the tone and structure of the RBAC docs
* Deleting blog stuff after refactoring
* Addressing first round of peer review comments
* Fixing endpoints links
* Peer review suggested edits
* Addressing other PR feedback
111 lines
2.5 KiB
Text
111 lines
2.5 KiB
Text
[[role-management-api-get]]
|
|
=== Get Role
|
|
|
|
experimental[This API is experimental and may be changed or removed completely in a future release. Although the underlying mechanism of enforcing role-based access control is stable, the APIs for managing the roles are currently experimental.]
|
|
|
|
Retrieves all {kib} roles, or a specific role.
|
|
|
|
==== Authorization
|
|
|
|
To use this API, you must have at least the `manage_security` cluster privilege.
|
|
|
|
==== Get all {kib} roles
|
|
|
|
===== Request
|
|
|
|
To retrieve all roles, issue a GET request to the
|
|
/api/security/role endpoint.
|
|
|
|
[source,js]
|
|
--------------------------------------------------
|
|
GET /api/security/role
|
|
--------------------------------------------------
|
|
// KIBANA
|
|
|
|
===== Response
|
|
|
|
A successful call returns a response code of `200` and a response body containing a JSON
|
|
representation of the roles.
|
|
|
|
[source,js]
|
|
--------------------------------------------------
|
|
[
|
|
{
|
|
"name": "my_kibana_role",
|
|
"metadata" : {
|
|
"version" : 1
|
|
},
|
|
"transient_metadata": {
|
|
"enabled": true
|
|
},
|
|
"elasticsearch": {
|
|
"indices": [ ],
|
|
"cluster": [ ],
|
|
"run_as": [ ]
|
|
},
|
|
"kibana": [ {
|
|
"privileges": [ "all" ]
|
|
} ],
|
|
},
|
|
{
|
|
"name": "my_admin_role",
|
|
"metadata" : {
|
|
"version" : 1
|
|
},
|
|
"transient_metadata": {
|
|
"enabled": true
|
|
},
|
|
"elasticsearch": {
|
|
"cluster" : [ "all" ],
|
|
"indices" : [ {
|
|
"names" : [ "index1", "index2" ],
|
|
"privileges" : [ "all" ],
|
|
"field_security" : {
|
|
"grant" : [ "title", "body" ]
|
|
},
|
|
"query" : "{\"match\": {\"title\": \"foo\"}}"
|
|
} ],
|
|
},
|
|
"kibana": [ ]
|
|
}
|
|
]
|
|
--------------------------------------------------
|
|
|
|
==== Get a specific role
|
|
|
|
===== Request
|
|
|
|
To retrieve a specific role, issue a GET request to
|
|
the `/api/security/role/<rolename>` endpoint:
|
|
|
|
[source,js]
|
|
--------------------------------------------------
|
|
GET /api/security/role/my_kibana_role
|
|
--------------------------------------------------
|
|
// KIBANA
|
|
|
|
===== Response
|
|
|
|
A successful call returns a response code of `200` and a response body containing a JSON
|
|
representation of the role.
|
|
|
|
[source,js]
|
|
--------------------------------------------------
|
|
{
|
|
"name": "my_kibana_role",
|
|
"metadata" : {
|
|
"version" : 1
|
|
},
|
|
"transient_metadata": {
|
|
"enabled": true
|
|
},
|
|
"elasticsearch": {
|
|
"cluster": [ ],
|
|
"indices": [ ],
|
|
"run_as": [ ]
|
|
},
|
|
"kibana": [ {
|
|
"privileges": [ "all" ]
|
|
} ],
|
|
}
|
|
--------------------------------------------------
|