OpenSearch/docs/en/rest-api/security/privileges.asciidoc

63 lines
1.4 KiB
Plaintext
Raw Normal View History

[[security-api-privileges]]
=== Privilege APIs
[[security-api-has-privilege]]
The `has_privileges` API allows you to determine whether the logged in user has
a specified list of privileges.
All users can use this API, but only to determine their own privileges.
To check the privileges of other users, you must use the
<<run-as-privilege,run as>> feature.
To check you privileges, submit a GET request to the
`_xpack/security/user/_has_privileges` endpoint:
[source,js]
--------------------------------------------------
GET _xpack/security/user/_has_privileges
{
"cluster": [ "monitor", "manage" ],
"index" : [
{
"names": [ "suppliers", "products" ],
"privileges": [ "read" ]
},
{
"names": [ "inventory" ],
"privileges" : [ "read", "write" ]
}
]
}
--------------------------------------------------
// CONSOLE
A successful call returns a JSON structure that shows whether each specified
privilege is assigned to the user
[source,js]
--------------------------------------------------
{
"username": "rdeniro",
"has_all_requested" : false,
"cluster" : {
"monitor" : true,
"manage" : false
},
"index" : {
"suppliers" : {
"read" : true
},
"products" : {
"read" : true
},
"inventory" : {
"read" : true,
"write" : false
}
}
}
--------------------------------------------------
// TESTRESPONSE[s/"rdeniro"/"$body.username"/]
// TESTRESPONSE[s/: false/: true/]