255 lines
5.2 KiB
Plaintext
255 lines
5.2 KiB
Plaintext
[[role-management-api-put]]
|
|
=== Create or update role API
|
|
++++
|
|
<titleabbrev>Create or update role</titleabbrev>
|
|
++++
|
|
|
|
experimental[] Create a new {kib} role, or update the attributes of an existing role. {kib} roles are stored in the
|
|
{es} native realm.
|
|
|
|
[[role-management-api-put-request]]
|
|
==== Request
|
|
|
|
`PUT <kibana host>:<port>/api/security/role/my_kibana_role`
|
|
|
|
[[role-management-api-put-prereqs]]
|
|
==== Prerequisite
|
|
|
|
To use the create or update role API, you must have the `manage_security` cluster privilege.
|
|
|
|
[role="child_attributes"]
|
|
[[role-management-api-response-body]]
|
|
==== Request body
|
|
|
|
`metadata`::
|
|
(Optional, object) In the `metadata` object, keys that begin with `_` are reserved for system usage.
|
|
|
|
`elasticsearch`::
|
|
(Optional, object) {es} cluster and index privileges. Valid keys include
|
|
`cluster`, `indices`, and `run_as`. For more information, see
|
|
{ref}/defining-roles.html[Defining roles].
|
|
|
|
`kibana`::
|
|
(list) Objects that specify the <<kibana-privileges, Kibana privileges>> for the role.
|
|
+
|
|
.Properties of `kibana`
|
|
[%collapsible%open]
|
|
=====
|
|
`base` :::
|
|
(Optional, list) A base privilege. When specified, the base must be `["all"]` or `["read"]`.
|
|
When the `base` privilege is specified, you are unable to use the `feature` section.
|
|
"all" grants read/write access to all {kib} features for the specified spaces.
|
|
"read" grants read-only access to all {kib} features for the specified spaces.
|
|
|
|
`feature` :::
|
|
(object) Contains privileges for specific features.
|
|
When the `feature` privileges are specified, you are unable to use the `base` section.
|
|
To retrieve a list of available features, use the <<features-api-get, features API>>.
|
|
|
|
`spaces` :::
|
|
(list) The spaces to apply the privileges to.
|
|
To grant access to all spaces, set to `["*"]`, or omit the value.
|
|
=====
|
|
|
|
[[role-management-api-put-response-codes]]
|
|
==== Response code
|
|
|
|
`204`::
|
|
Indicates a successful call.
|
|
|
|
==== Examples
|
|
|
|
Grant access to various features in all spaces:
|
|
|
|
[source,sh]
|
|
--------------------------------------------------
|
|
$ curl -X PUT api/security/role/my_kibana_role
|
|
{
|
|
"metadata" : {
|
|
"version" : 1
|
|
},
|
|
"elasticsearch": {
|
|
"cluster" : [ ],
|
|
"indices" : [ ]
|
|
},
|
|
"kibana": [
|
|
{
|
|
"base": [],
|
|
"feature": {
|
|
"discover": [
|
|
"all"
|
|
],
|
|
"visualize": [
|
|
"all"
|
|
],
|
|
"dashboard": [
|
|
"all"
|
|
],
|
|
"dev_tools": [
|
|
"read"
|
|
],
|
|
"advancedSettings": [
|
|
"read"
|
|
],
|
|
"indexPatterns": [
|
|
"read"
|
|
],
|
|
"timelion": [
|
|
"all"
|
|
],
|
|
"graph": [
|
|
"all"
|
|
],
|
|
"apm": [
|
|
"read"
|
|
],
|
|
"maps": [
|
|
"read"
|
|
],
|
|
"canvas": [
|
|
"read"
|
|
],
|
|
"infrastructure": [
|
|
"all"
|
|
],
|
|
"logs": [
|
|
"all"
|
|
],
|
|
"uptime": [
|
|
"all"
|
|
]
|
|
},
|
|
"spaces": [
|
|
"*"
|
|
]
|
|
}
|
|
]
|
|
}
|
|
--------------------------------------------------
|
|
// KIBANA
|
|
|
|
Grant dashboard-only access to only the Marketing space:
|
|
|
|
[source,sh]
|
|
--------------------------------------------------
|
|
$ curl -X PUT api/security/role/my_kibana_role
|
|
{
|
|
"metadata" : {
|
|
"version" : 1
|
|
},
|
|
"elasticsearch": {
|
|
"cluster" : [ ],
|
|
"indices" : [ ]
|
|
},
|
|
"kibana": [
|
|
{
|
|
"base": [],
|
|
"feature": {
|
|
"dashboard": ["read"]
|
|
},
|
|
"spaces": [
|
|
"marketing"
|
|
]
|
|
}
|
|
]
|
|
}
|
|
--------------------------------------------------
|
|
// KIBANA
|
|
|
|
Grant full access to all features in the Default space:
|
|
|
|
[source,sh]
|
|
--------------------------------------------------
|
|
$ curl -X PUT api/security/role/my_kibana_role
|
|
{
|
|
"metadata" : {
|
|
"version" : 1
|
|
},
|
|
"elasticsearch": {
|
|
"cluster" : [ ],
|
|
"indices" : [ ]
|
|
},
|
|
"kibana": [
|
|
{
|
|
"base": ["all"],
|
|
"feature": {
|
|
},
|
|
"spaces": [
|
|
"default"
|
|
]
|
|
}
|
|
]
|
|
}
|
|
--------------------------------------------------
|
|
// KIBANA
|
|
|
|
Grant different access to different spaces:
|
|
|
|
[source,sh]
|
|
--------------------------------------------------
|
|
$ curl -X PUT api/security/role/my_kibana_role
|
|
{
|
|
"metadata" : {
|
|
"version" : 1
|
|
},
|
|
"elasticsearch": {
|
|
"cluster" : [ ],
|
|
"indices" : [ ]
|
|
},
|
|
"kibana": [
|
|
{
|
|
"base": [],
|
|
"feature": {
|
|
"discover": ["all"],
|
|
"dashboard": ["all"]
|
|
},
|
|
"spaces": [
|
|
"default"
|
|
]
|
|
},
|
|
{
|
|
"base": ["read"],
|
|
"spaces": [
|
|
"marketing",
|
|
"sales"
|
|
]
|
|
}
|
|
]
|
|
}
|
|
--------------------------------------------------
|
|
// KIBANA
|
|
|
|
Grant access to {kib} and {es}:
|
|
|
|
[source,sh]
|
|
--------------------------------------------------
|
|
$ curl -X PUT api/security/role/my_kibana_role
|
|
{
|
|
"metadata" : {
|
|
"version" : 1
|
|
},
|
|
"elasticsearch": {
|
|
"cluster" : [ "all" ],
|
|
"indices" : [ {
|
|
"names" : [ "index1", "index2" ],
|
|
"privileges" : [ "all" ],
|
|
"field_security" : {
|
|
"grant" : [ "title", "body" ]
|
|
},
|
|
"query" : "{\"match\": {\"title\": \"foo\"}}"
|
|
} ]
|
|
},
|
|
"kibana": [
|
|
{
|
|
"base": ["all"],
|
|
"feature": {
|
|
},
|
|
"spaces": [
|
|
"default"
|
|
]
|
|
}
|
|
]
|
|
}
|
|
--------------------------------------------------
|
|
// KIBANA
|