[role="xpack"] [[security-api-has-privileges]] === Has privileges API ++++ Has privileges ++++ [[security-api-has-privilege]] The `has_privileges` API allows you to determine whether the logged in user has a specified list of privileges. ==== Request `GET /_security/user/_has_privileges` ==== Description For a list of the privileges that you can specify in this API, see {stack-ov}/security-privileges.html[Security privileges]. A successful call returns a JSON structure that shows whether each specified privilege is assigned to the user. ==== Request Body `cluster`:: (list) A list of the cluster privileges that you want to check. `index`:: `names`::: (list) A list of indices. `allow_restricted_indices`::: (boolean) If `names` contains internal restricted that also have to be covered by the has-privilege check, then this has to be set to `true`. By default this is `false` because restricted indices should generaly not be "visible" to APIs. For most use cases it is safe to ignore this parameter. `privileges`::: (list) A list of the privileges that you want to check for the specified indices. `application`:: `application`::: (string) The name of the application. `privileges`::: (list) A list of the privileges that you want to check for the specified resources. May be either application privilege names, or the names of actions that are granted by those privileges `resources`::: (list) A list of resource names against which the privileges should be checked ==== Authorization All users can use this API, but only to determine their own privileges. To check the privileges of other users, you must use the run as feature. For more information, see {xpack-ref}/run-as-privilege.html[Submitting Requests on Behalf of Other Users]. ==== Examples The following example checks whether the current user has a specific set of cluster, index, and application privileges: [source,js] -------------------------------------------------- GET /_security/user/_has_privileges { "cluster": [ "monitor", "manage" ], "index" : [ { "names": [ "suppliers", "products" ], "privileges": [ "read" ] }, { "names": [ "inventory" ], "privileges" : [ "read", "write" ] } ], "application": [ { "application": "inventory_manager", "privileges" : [ "read", "data:write/inventory" ], "resources" : [ "product/1852563" ] } ] } -------------------------------------------------- // CONSOLE The following example output indicates which privileges the "rdeniro" user has: [source,js] -------------------------------------------------- { "username": "rdeniro", "has_all_requested" : false, "cluster" : { "monitor" : true, "manage" : false }, "index" : { "suppliers" : { "read" : true }, "products" : { "read" : true }, "inventory" : { "read" : true, "write" : false } }, "application" : { "inventory_manager" : { "product/1852563" : { "read": false, "data:write/inventory": false } } } } -------------------------------------------------- // TESTRESPONSE[s/"rdeniro"/"$body.username"/] // TESTRESPONSE[s/: false/: true/]