98 lines
2.5 KiB
Plaintext
98 lines
2.5 KiB
Plaintext
[role="xpack"]
|
|
[[security-api-get-privileges]]
|
|
=== Get application privileges API
|
|
++++
|
|
<titleabbrev>Get application privileges</titleabbrev>
|
|
++++
|
|
|
|
Retrieves
|
|
{stack-ov}/security-privileges.html#application-privileges[application privileges].
|
|
|
|
==== Request
|
|
|
|
`GET /_security/privilege` +
|
|
|
|
`GET /_security/privilege/<application>` +
|
|
|
|
`GET /_security/privilege/<application>/<privilege>`
|
|
|
|
|
|
==== Description
|
|
|
|
To check a user's application privileges, use the
|
|
<<security-api-has-privileges,has privileges API>>.
|
|
|
|
|
|
==== Path Parameters
|
|
|
|
`application`::
|
|
(string) The name of the application. Application privileges are always
|
|
associated with exactly one application.
|
|
If you do not specify this parameter, the API returns information about all
|
|
privileges for all applications.
|
|
|
|
`privilege`::
|
|
(string) The name of the privilege. If you do not specify this parameter, the
|
|
API returns information about all privileges for the requested application.
|
|
|
|
//==== Request Body
|
|
|
|
==== Authorization
|
|
|
|
To use this API, you must have either:
|
|
|
|
- the `manage_security` cluster privilege (or a greater privilege such as `all`); _or_
|
|
- the _"Manage Application Privileges"_ global privilege for the application being referenced
|
|
in the request
|
|
|
|
==== Examples
|
|
|
|
The following example retrieves information about the `read` privilege for the
|
|
`app01` application:
|
|
|
|
[source,js]
|
|
--------------------------------------------------
|
|
GET /_security/privilege/myapp/read
|
|
--------------------------------------------------
|
|
// CONSOLE
|
|
// TEST[setup:app0102_privileges]
|
|
|
|
A successful call returns an object keyed by application name and privilege
|
|
name. If the privilege is not defined, the request responds with a 404 status.
|
|
|
|
[source,js]
|
|
--------------------------------------------------
|
|
{
|
|
"myapp": {
|
|
"read": {
|
|
"application": "myapp",
|
|
"name": "read",
|
|
"actions": [
|
|
"data:read/*",
|
|
"action:login"
|
|
],
|
|
"metadata": {
|
|
"description": "Read access to myapp"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
--------------------------------------------------
|
|
// TESTRESPONSE
|
|
|
|
To retrieve all privileges for an application, omit the privilege name:
|
|
|
|
[source,js]
|
|
--------------------------------------------------
|
|
GET /_security/privilege/myapp/
|
|
--------------------------------------------------
|
|
// CONSOLE
|
|
|
|
To retrieve every privilege, omit both the application and privilege names:
|
|
|
|
[source,js]
|
|
--------------------------------------------------
|
|
GET /_security/privilege/
|
|
--------------------------------------------------
|
|
// CONSOLE
|