OpenSearch/docs/en/rest-api/security/privileges.asciidoc

[role="xpack"]
[[security-api-privileges]]
=== Privilege APIs

[[security-api-has-privilege]]

The `has_privileges` API allows you to determine whether the logged in user has
a specified list of privileges.

All users can use this API, but only to determine their own privileges.
To check the privileges of other users, you must use the run as feature. For
more information, see 
{xpack-ref}/run-as-privilege.html[Submitting Requests on Behalf of Other Users].

To check you privileges, submit a GET request to the
`_xpack/security/user/_has_privileges` endpoint:

[source,js]
--------------------------------------------------
GET _xpack/security/user/_has_privileges
{
  "cluster": [ "monitor", "manage" ],
  "index" : [
    {
      "names": [ "suppliers", "products" ],
      "privileges": [ "read" ]
    },
    {
      "names": [ "inventory" ],
      "privileges" : [ "read", "write" ]
    }
  ]
}
--------------------------------------------------
// CONSOLE

A successful call returns a JSON structure that shows whether each specified
privilege is assigned to the user

[source,js]
--------------------------------------------------
{
  "username": "rdeniro",
  "has_all_requested" : false,
  "cluster" : {
    "monitor" : true,
    "manage" : false
  },
  "index" : {
    "suppliers" : {
      "read" : true
    },
    "products" : {
      "read" : true
    },
    "inventory" : {
      "read" : true,
      "write" : false
    }
  }
}
--------------------------------------------------
// TESTRESPONSE[s/"rdeniro"/"$body.username"/]
// TESTRESPONSE[s/: false/: true/]
[DOCS] Move security APIs to Elasticsearch Ref (elastic/x-pack-elasticsearch#1877) * [DOCS] Move security APIs to Elasticsearch Ref * [DOCS] Update links to security APIs * [DOCS] Fix link to security APIs Original commit: elastic/x-pack-elasticsearch@d7a9d3f1ab4294f2fcdee63d4ca9e1ae9dae0790 2017-06-28 14:02:40 -04:00			`[role="xpack"]`
Outstanding docs for 5.4 changes (elastic/x-pack-elasticsearch#1280) Docs for security features in 5.4 - `has_privileges` API - ldap metadata. Original commit: elastic/x-pack-elasticsearch@22c733c8145293ab095b728cba8038624fe6c7a9 2017-05-12 02:51:47 -04:00			`[[security-api-privileges]]`
			`=== Privilege APIs`

			`[[security-api-has-privilege]]`

			The `has_privileges` API allows you to determine whether the logged in user has
			`a specified list of privileges.`

[DOCS] Move security APIs to Elasticsearch Ref (elastic/x-pack-elasticsearch#1877) * [DOCS] Move security APIs to Elasticsearch Ref * [DOCS] Update links to security APIs * [DOCS] Fix link to security APIs Original commit: elastic/x-pack-elasticsearch@d7a9d3f1ab4294f2fcdee63d4ca9e1ae9dae0790 2017-06-28 14:02:40 -04:00			`All users can use this API, but only to determine their own privileges.`
			`To check the privileges of other users, you must use the run as feature. For`
			`more information, see`
			`{xpack-ref}/run-as-privilege.html[Submitting Requests on Behalf of Other Users].`
Outstanding docs for 5.4 changes (elastic/x-pack-elasticsearch#1280) Docs for security features in 5.4 - `has_privileges` API - ldap metadata. Original commit: elastic/x-pack-elasticsearch@22c733c8145293ab095b728cba8038624fe6c7a9 2017-05-12 02:51:47 -04:00
			`To check you privileges, submit a GET request to the`
			`_xpack/security/user/_has_privileges` endpoint:

			`[source,js]`
			`--------------------------------------------------`
			`GET _xpack/security/user/_has_privileges`
			`{`
			`"cluster": [ "monitor", "manage" ],`
			`"index" : [`
			`{`
			`"names": [ "suppliers", "products" ],`
			`"privileges": [ "read" ]`
[DOCS] Move security APIs to Elasticsearch Ref (elastic/x-pack-elasticsearch#1877) * [DOCS] Move security APIs to Elasticsearch Ref * [DOCS] Update links to security APIs * [DOCS] Fix link to security APIs Original commit: elastic/x-pack-elasticsearch@d7a9d3f1ab4294f2fcdee63d4ca9e1ae9dae0790 2017-06-28 14:02:40 -04:00			`},`
Outstanding docs for 5.4 changes (elastic/x-pack-elasticsearch#1280) Docs for security features in 5.4 - `has_privileges` API - ldap metadata. Original commit: elastic/x-pack-elasticsearch@22c733c8145293ab095b728cba8038624fe6c7a9 2017-05-12 02:51:47 -04:00			`{`
			`"names": [ "inventory" ],`
			`"privileges" : [ "read", "write" ]`
			`}`
			`]`
			`}`
			`--------------------------------------------------`
			`// CONSOLE`

			`A successful call returns a JSON structure that shows whether each specified`
			`privilege is assigned to the user`

			`[source,js]`
			`--------------------------------------------------`
			`{`
			`"username": "rdeniro",`
			`"has_all_requested" : false,`
			`"cluster" : {`
			`"monitor" : true,`
			`"manage" : false`
			`},`
			`"index" : {`
			`"suppliers" : {`
			`"read" : true`
			`},`
			`"products" : {`
			`"read" : true`
			`},`
			`"inventory" : {`
			`"read" : true,`
			`"write" : false`
			`}`
			`}`
			`}`
			`--------------------------------------------------`
			`// TESTRESPONSE[s/"rdeniro"/"$body.username"/]`
			`// TESTRESPONSE[s/: false/: true/]`