63 lines
1.4 KiB
Plaintext
63 lines
1.4 KiB
Plaintext
[[security-api-privileges]]
|
|
=== Privilege APIs
|
|
|
|
[[security-api-has-privilege]]
|
|
|
|
The `has_privileges` API allows you to determine whether the logged in user has
|
|
a specified list of privileges.
|
|
|
|
All users can use this API, but only to determine their own privileges.
|
|
To check the privileges of other users, you must use the
|
|
<<run-as-privilege,run as>> feature.
|
|
|
|
To check you privileges, submit a GET request to the
|
|
`_xpack/security/user/_has_privileges` endpoint:
|
|
|
|
[source,js]
|
|
--------------------------------------------------
|
|
GET _xpack/security/user/_has_privileges
|
|
{
|
|
"cluster": [ "monitor", "manage" ],
|
|
"index" : [
|
|
{
|
|
"names": [ "suppliers", "products" ],
|
|
"privileges": [ "read" ]
|
|
},
|
|
{
|
|
"names": [ "inventory" ],
|
|
"privileges" : [ "read", "write" ]
|
|
}
|
|
]
|
|
}
|
|
--------------------------------------------------
|
|
// CONSOLE
|
|
|
|
A successful call returns a JSON structure that shows whether each specified
|
|
privilege is assigned to the user
|
|
|
|
[source,js]
|
|
--------------------------------------------------
|
|
{
|
|
"username": "rdeniro",
|
|
"has_all_requested" : false,
|
|
"cluster" : {
|
|
"monitor" : true,
|
|
"manage" : false
|
|
},
|
|
"index" : {
|
|
"suppliers" : {
|
|
"read" : true
|
|
},
|
|
"products" : {
|
|
"read" : true
|
|
},
|
|
"inventory" : {
|
|
"read" : true,
|
|
"write" : false
|
|
}
|
|
}
|
|
}
|
|
--------------------------------------------------
|
|
// TESTRESPONSE[s/"rdeniro"/"$body.username"/]
|
|
// TESTRESPONSE[s/: false/: true/]
|