Create or update role APIedit
[preview] This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. Create a new Kibana role, or update the attributes of an existing role. Kibana roles are stored in the Elasticsearch native realm.
Requestedit
PUT <kibana host>:<port>/api/security/role/my_kibana_role
Prerequisiteedit
To use the create or update role API, you must have the manage_security
cluster privilege.
Request bodyedit
-
metadata
-
(Optional, object) In the
metadata
object, keys that begin with_
are reserved for system usage. -
elasticsearch
-
(Optional, object) Elasticsearch cluster and index privileges. Valid keys include
cluster
,indices
,remote_indices
, andrun_as
. For more information, see Defining roles. -
kibana
-
(list) Objects that specify the Kibana privileges for the role.
Properties of
kibana
-
base
-
(Optional, list) A base privilege. When specified, the base must be
["all"]
or["read"]
. When thebase
privilege is specified, you are unable to use thefeature
section. "all" grants read/write access to all Kibana features for the specified spaces. "read" grants read-only access to all Kibana features for the specified spaces. -
feature
-
(object) Contains privileges for specific features.
When the
feature
privileges are specified, you are unable to use thebase
section. To retrieve a list of available features, use the features API. -
spaces
-
(list) The spaces to apply the privileges to.
To grant access to all spaces, set to
["*"]
, or omit the value.
-
Query parametersedit
-
createOnly
-
(Optional, boolean) When
true
, will prevent overwriting the role if it already exists.
Response codeedit
-
204
- Indicates a successful call.
-
409
-
When
createOnly
is true, indicates a conflict with an existing role.
Examplesedit
Grant access to various features in all spaces:
$ curl -X PUT api/security/role/my_kibana_role { "metadata": { "version": 1 }, "elasticsearch": { "cluster": [ ], "indices": [ ] }, "kibana": [ { "base": [ ], "feature": { "discover": [ "all" ], "visualize": [ "all" ], "dashboard": [ "all" ], "dev_tools": [ "read" ], "advancedSettings": [ "read" ], "indexPatterns": [ "read" ], "graph": [ "all" ], "apm": [ "read" ], "maps": [ "read" ], "canvas": [ "read" ], "infrastructure": [ "all" ], "logs": [ "all" ], "uptime": [ "all" ] }, "spaces": [ "*" ] } ] }
Grant dashboard-only access to only the Marketing space:
$ curl -X PUT api/security/role/my_kibana_role { "metadata": { "version": 1 }, "elasticsearch": { "cluster": [ ], "indices": [ ] }, "kibana": [ { "base": [ ], "feature": { "dashboard": [ "read" ] }, "spaces": [ "marketing" ] } ] }
Grant full access to all features in the Default space:
$ curl -X PUT api/security/role/my_kibana_role { "metadata": { "version": 1 }, "elasticsearch": { "cluster": [ ], "indices": [ ] }, "kibana": [ { "base": [ "all" ], "feature": { }, "spaces": [ "default" ] } ] }
Grant different access to different spaces:
$ curl -X PUT api/security/role/my_kibana_role { "metadata": { "version": 1 }, "elasticsearch": { "cluster": [ ], "indices": [ ] }, "kibana": [ { "base": [ ], "feature": { "discover": [ "all" ], "dashboard": [ "all" ] }, "spaces": [ "default" ] }, { "base": [ "read"] , "spaces": [ "marketing", "sales" ] } ] }
Grant access to Kibana and Elasticsearch:
$ curl -X PUT api/security/role/my_kibana_role { "metadata": { "version": 1 }, "elasticsearch": { "cluster": [ "all" ], "indices": [ { "names": [ "index1", "index2" ], "privileges": [ "all" ] } ], "remote_indices": [ { "clusters": [ "remote_cluster1" ], "names": [ "remote_index1", "remote_index2" ], "privileges": [ "all" ] } ] }, "kibana": [ { "base": [ "all" ], "feature": { }, "spaces": [ "default" ] } ] }