Get roles | Elasticsearch API documentation

Get roles Generally available

GET /_security/role

Get roles in the native realm. The role management APIs are generally the preferred way to manage roles, rather than using file-based role management. The get roles API cannot retrieve roles that are defined in roles files.

Required authorization

Cluster privileges: read_security

Responses

200 application/json
Hide response attribute Show response attribute object
- * object Additional properties
  
  Hide * attributes Show * attributes object
  
  cluster array[string] Required
  
  indices array[object] Required
  
  Hide indices attributes Show indices attributes object
  
  field_security object
  
  Hide field_security attributes Show field_security attributes object
  
  except string | array[string]
  
  grant string | array[string]
  
  names string | array[string]
  
  A list of indices (or index name patterns) to which the permissions in this entry apply.
  
  One of:
  IndexName string array-2 array[string]
  
  privileges array[string] Required
  
  The index level privileges that owners of the role have on the specified indices.
  
  query string | object
  
  While creating or updating a role you can provide either a JSON structure or a string to the API. However, the response provided by Elasticsearch will only be string with a json-as-text content.
  
  Since this is embedded in IndicesPrivileges, the same structure is used for clarity in both contexts.
  
  One of:
  IndicesPrivilegesQuery string QueryContainer object RoleTemplateQuery object
  
  An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
  
  External documentation
  
  allow_restricted_indices boolean Generally available
  
  Set to true if using wildcard or regular expressions for patterns that cover restricted indices. Implicitly, restricted indices have limited privileges that can cause pattern tests to fail. If restricted indices are explicitly included in the names list, Elasticsearch checks privileges against these indices regardless of the value set for allow_restricted_indices.
  
  remote_indices array[object] Generally available; Added in 8.14.0
  
  The subset of index level privileges that can be defined for remote clusters.
  
  Hide remote_indices attributes Show remote_indices attributes object
  
  clusters string | array[string] Required
  
  field_security object
  
  Hide field_security attributes Show field_security attributes object
  
  except string | array[string]
  
  grant string | array[string]
  
  names string | array[string]
  
  A list of indices (or index name patterns) to which the permissions in this entry apply.
  
  One of:
  IndexName string array-2 array[string]
  
  privileges array[string] Required
  
  The index level privileges that owners of the role have on the specified indices.
  
  query string | object
  
  While creating or updating a role you can provide either a JSON structure or a string to the API. However, the response provided by Elasticsearch will only be string with a json-as-text content.
  
  Since this is embedded in IndicesPrivileges, the same structure is used for clarity in both contexts.
  
  One of:
  IndicesPrivilegesQuery string QueryContainer object RoleTemplateQuery object
  
  An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
  
  External documentation
  
  allow_restricted_indices boolean Generally available
  
  Set to true if using wildcard or regular expressions for patterns that cover restricted indices. Implicitly, restricted indices have limited privileges that can cause pattern tests to fail. If restricted indices are explicitly included in the names list, Elasticsearch checks privileges against these indices regardless of the value set for allow_restricted_indices.
  
  remote_cluster array[object] Generally available; Added in 8.15.0
  
  The subset of cluster level privileges that can be defined for remote clusters.
  
  Hide remote_cluster attributes Show remote_cluster attributes object
  
  clusters string | array[string] Required
  
  privileges array[string] Required
  
  The cluster level privileges that owners of the role have on the remote cluster.
  
  Values are monitor_enrich or monitor_stats.
  
  metadata object Required
  
  Hide metadata attribute Show metadata attribute object
  
  * object Additional properties
  
  description string
  
  run_as array[string]
  
  transient_metadata object
  
  Hide transient_metadata attribute Show transient_metadata attribute object
  
  * object Additional properties
  
  applications array[object] Required
  
  Hide applications attributes Show applications attributes object
  
  application string Required
  
  The name of the application to which this entry applies.
  
  privileges array[string] Required
  
  A list of strings, where each element is the name of an application privilege or action.
  
  resources array[string] Required
  
  A list resources to which the privileges are applied.
  
  role_templates array[object]
  
  Hide role_templates attributes Show role_templates attributes object
  
  format string
  
  Values are string or json.
  
  template object Required
  
  Hide template attributes Show template attributes object
  
  source string | object
  
  One of:
  ScriptSource string SearchRequestBody object
  
  id string
  
  params object
  
  Specifies any named parameters that are passed into the script as variables. Use parameters instead of hard-coded values to decrease compile time.
  
  Hide params attribute Show params attribute object
  
  * object Additional properties
  
  lang string
  
  Any of:
  ScriptLanguage string ScriptLanguage string
  
  Values are painless, expression, mustache, or java.
  
  options object
  
  Hide options attribute Show options attribute object
  
  * string Additional properties
  
  global object Generally available; Added in 8.0.0
  
  Hide global attribute Show global attribute object
  
  * object Additional properties
  
  Hide * attribute Show * attribute object
  
  * object Additional properties
  
  Hide * attribute Show * attribute object
  
  * array[string] Additional properties

GET /_security/role

GET /_security/role/my_admin_role

resp = client.security.get_role(
    name="my_admin_role",
)

const response = await client.security.getRole({
  name: "my_admin_role",
});

response = client.security.get_role(
  name: "my_admin_role"
)

$resp = $client->security()->getRole([
    "name" => "my_admin_role",
]);

curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_security/role/my_admin_role"

Response examples (200)

A successful response from `GET /_security/role/my_admin_role`. The response contains information about the `my_admin_role` role in the native realm.

{
  "my_admin_role": {
    "description": "Grants full access to all management features within the cluster.",
    "cluster" : [ "all" ],
    "indices" : [
      {
        "names" : [ "index1", "index2" ],
        "privileges" : [ "all" ],
        "allow_restricted_indices" : false,
        "field_security" : {
          "grant" : [ "title", "body" ]}
      }
    ],
    "applications" : [ ],
    "run_as" : [ "other_user" ],
    "metadata" : {
      "version" : 1
    },
    "transient_metadata": {
      "enabled": true
    }
  }
}

Get roles Generally available

Required authorization

Responses

names string | array[string]

query string | object

names string | array[string]

query string | object

source string | object

lang string