Check user privileges (added in 6.4.0)

GET /_security/user/{user}/_has_privileges

Determine whether the specified user has a specified list of privileges. All users can use this API, but only to determine their own privileges. To check the privileges of other users, you must use the run as feature.

Path parameters

  • user (string, Required)

    Username

Body (Required, application/json)

  • application (array[object])
    • application (string, Required)

      The name of the application.

    • privileges (array[string], Required)

      A list of the privileges that you want to check for the specified resources. It may be either application privilege names or the names of actions that are granted by those privileges.

    • resources (array[string], Required)

      A list of resource names against which the privileges should be checked.

  • cluster (array[string])

    A list of the cluster privileges that you want to check.

  • index (array[object])
    • names (string | array[string], Required)
    • privileges (array[string], Required)

      A list of the privileges that you want to check for the specified indices.

    • allow_restricted_indices (boolean)

      This needs to be set to true (default is false) if using wildcards or regexps for patterns that cover restricted indices. Implicitly, restricted indices do not match index patterns because restricted indices usually have limited privileges and including them in pattern tests would render most such tests false. If restricted indices are explicitly included in the names list, privileges will be checked against them regardless of the value of allow_restricted_indices.

Responses

  • 200 application/json
    • application (object, Required)
      • * (object, additional properties)
        • * (object, additional properties)
          • * (boolean, additional properties)
    • cluster (object, Required)
      • * (boolean, additional properties)
    • has_all_requested (boolean, Required)
    • index (object, Required)
      • * (object, additional properties)
        • * (boolean, additional properties)
    • username (string, Required)

GET /_security/user/{user}/_has_privileges
curl \
 --request GET 'http://api.example.com/_security/user/{user}/_has_privileges' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '{"cluster":["monitor","manage"],"index":[{"names":["suppliers","products"],"privileges":["read"]},{"names":["inventory"],"privileges":["read","write"]}],"application":[{"application":"inventory_manager","privileges":["read","data:write/inventory"],"resources":["product/1852563"]}]}'
Request example
Run `GET /_security/user/_has_privileges` to check whether the current user has a specific set of cluster, index, and application privileges.
{
  "cluster": [ "monitor", "manage" ],
  "index" : [
    {
      "names": [ "suppliers", "products" ],
      "privileges": [ "read" ]
    },
    {
      "names": [ "inventory" ],
      "privileges" : [ "read", "write" ]
    }
  ],
  "application": [
    {
      "application": "inventory_manager",
      "privileges" : [ "read", "data:write/inventory" ],
      "resources" : [ "product/1852563" ]
    }
  ]
}
Response examples (200)
A successful response from `GET /_security/user/_has_privileges`, which lists the privileges for the `rdeniro` user.
{
  "username": "rdeniro",
  "has_all_requested" : false,
  "cluster" : {
    "monitor" : true,
    "manage" : false
  },
  "index" : {
    "suppliers" : {
      "read" : true
    },
    "products" : {
      "read" : true
    },
    "inventory" : {
      "read" : true,
      "write" : false
    }
  },
  "application" : {
    "inventory_manager" : {
      "product/1852563" : {
        "read": false,
        "data:write/inventory": false
      }
    }
  }
}
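
Added example (not from the Elasticsearch documentation): Python that flattens the 200 response above into the list of denied privileges, which is the form a least-privilege audit or a pre-flight permission check needs. The function names are hypothetical; `es-security-runas-user` is the request header used by the run as feature, which this page names but does not show, and the caller is assumed to hold a role that permits run as.

```python
import json

# Response body from the page's 200 example (user "rdeniro"), embedded so this runs offline.
SAMPLE_RESPONSE = json.loads("""
{"username": "rdeniro", "has_all_requested": false,
 "cluster": {"monitor": true, "manage": false},
 "index": {"suppliers": {"read": true}, "products": {"read": true},
           "inventory": {"read": true, "write": false}},
 "application": {"inventory_manager": {"product/1852563":
     {"read": false, "data:write/inventory": false}}}}
""")


def build_check(required, run_as=None):
    """Return (path, headers, body) for a has_privileges call.

    run_as is sent in the es-security-runas-user header, which is how the
    run as feature is invoked (assumption: the caller's role permits run as).
    """
    headers = {"Content-Type": "application/json"}
    if run_as:
        headers["es-security-runas-user"] = run_as
    return "/_security/user/_has_privileges", headers, json.dumps(required)


def denied_privileges(resp):
    """Flatten a response into sorted (scope, resource, privilege) tuples that are false."""
    denied = [("cluster", "*", p) for p, ok in resp.get("cluster", {}).items() if not ok]
    for index, privs in resp.get("index", {}).items():
        denied += [("index", index, p) for p, ok in privs.items() if not ok]
    for app, resources in resp.get("application", {}).items():
        for res, privs in resources.items():
            denied += [("application:" + app, res, p) for p, ok in privs.items() if not ok]
    return sorted(denied)


def is_consistent(resp):
    """has_all_requested should be true exactly when no individual check is false."""
    return resp["has_all_requested"] == (len(denied_privileges(resp)) == 0)


if __name__ == "__main__":
    for scope, resource, priv in denied_privileges(SAMPLE_RESPONSE):
        print(f"{SAMPLE_RESPONSE['username']}: missing {priv} on {scope} {resource}")
```

Acting on the per-privilege entries rather than on `has_all_requested` alone shows exactly which grant is missing, so a role can be corrected without widening it further than needed.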