2017-06-28 14:02:40 -04:00
|
|
|
[role="xpack"]
|
2017-05-12 02:51:47 -04:00
|
|
|
[[security-api-privileges]]
|
|
|
|
=== Privilege APIs
|
|
|
|
|
|
|
|
[[security-api-has-privilege]]
|
|
|
|
|
|
|
|
The `has_privileges` API allows you to determine whether the logged in user has
|
|
|
|
a specified list of privileges.
|
|
|
|
|
2017-09-22 12:46:09 -04:00
|
|
|
==== Request
|
|
|
|
|
|
|
|
`GET _xpack/security/user/_has_privileges`
|
|
|
|
|
|
|
|
|
|
|
|
==== Description
|
|
|
|
|
|
|
|
For a list of the privileges that you can specify in this API,
|
|
|
|
see {xpack-ref}/security-privileges.html[Security Privileges].
|
|
|
|
|
|
|
|
A successful call returns a JSON structure that shows whether each specified
|
|
|
|
privilege is assigned to the user.
|
|
|
|
|
|
|
|
|
|
|
|
==== Request Body
|
|
|
|
|
|
|
|
`cluster`:: (list) A list of the cluster privileges that you want to check.
|
|
|
|
|
|
|
|
`index`::
|
|
|
|
`names`::: (list) A list of indices.
|
|
|
|
`privileges`::: (list) A list of the privileges that you want to check for the
|
|
|
|
specified indices.
|
|
|
|
|
|
|
|
==== Authorization
|
|
|
|
|
2017-06-28 14:02:40 -04:00
|
|
|
All users can use this API, but only to determine their own privileges.
|
|
|
|
To check the privileges of other users, you must use the run as feature. For
|
2017-09-22 12:46:09 -04:00
|
|
|
more information, see
|
2017-06-28 14:02:40 -04:00
|
|
|
{xpack-ref}/run-as-privilege.html[Submitting Requests on Behalf of Other Users].
|
2017-05-12 02:51:47 -04:00
|
|
|
|
2017-09-22 12:46:09 -04:00
|
|
|
|
|
|
|
==== Examples
|
|
|
|
|
|
|
|
The following example checks whether the current user has a specific set of
|
|
|
|
cluster and indices privileges:
|
2017-05-12 02:51:47 -04:00
|
|
|
|
|
|
|
[source,js]
|
|
|
|
--------------------------------------------------
|
|
|
|
GET _xpack/security/user/_has_privileges
|
|
|
|
{
|
|
|
|
"cluster": [ "monitor", "manage" ],
|
|
|
|
"index" : [
|
|
|
|
{
|
|
|
|
"names": [ "suppliers", "products" ],
|
|
|
|
"privileges": [ "read" ]
|
2017-06-28 14:02:40 -04:00
|
|
|
},
|
2017-05-12 02:51:47 -04:00
|
|
|
{
|
|
|
|
"names": [ "inventory" ],
|
|
|
|
"privileges" : [ "read", "write" ]
|
|
|
|
}
|
|
|
|
]
|
|
|
|
}
|
|
|
|
--------------------------------------------------
|
|
|
|
// CONSOLE
|
|
|
|
|
2017-09-22 12:46:09 -04:00
|
|
|
The following example output indicates which privileges the "rdeniro" user has:
|
2017-05-12 02:51:47 -04:00
|
|
|
|
|
|
|
[source,js]
|
|
|
|
--------------------------------------------------
|
|
|
|
{
|
|
|
|
"username": "rdeniro",
|
|
|
|
"has_all_requested" : false,
|
|
|
|
"cluster" : {
|
|
|
|
"monitor" : true,
|
|
|
|
"manage" : false
|
|
|
|
},
|
|
|
|
"index" : {
|
|
|
|
"suppliers" : {
|
|
|
|
"read" : true
|
|
|
|
},
|
|
|
|
"products" : {
|
|
|
|
"read" : true
|
|
|
|
},
|
|
|
|
"inventory" : {
|
|
|
|
"read" : true,
|
|
|
|
"write" : false
|
|
|
|
}
|
2018-07-24 12:34:46 -04:00
|
|
|
},
|
|
|
|
"application" : {}
|
2017-05-12 02:51:47 -04:00
|
|
|
}
|
|
|
|
--------------------------------------------------
|
|
|
|
// TESTRESPONSE[s/"rdeniro"/"$body.username"/]
|
|
|
|
// TESTRESPONSE[s/: false/: true/]
|