Create or update role APIedit

[preview] This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. Create a new Kibana role, or update the attributes of an existing role. Kibana roles are stored in the Elasticsearch native realm.

Requestedit

PUT <kibana host>:<port>/api/security/role/my_kibana_role

Prerequisiteedit

To use the create or update role API, you must have the manage_security cluster privilege.

Request bodyedit

metadata
(Optional, object) In the metadata object, keys that begin with _ are reserved for system usage.
elasticsearch
(Optional, object) Elasticsearch cluster and index privileges. Valid keys include cluster, indices, remote_indices, and run_as. For more information, see Defining roles.
kibana

(list) Objects that specify the Kibana privileges for the role.

Properties of kibana
base
(Optional, list) A base privilege. When specified, the base must be ["all"] or ["read"]. When the base privilege is specified, you are unable to use the feature section. "all" grants read/write access to all Kibana features for the specified spaces. "read" grants read-only access to all Kibana features for the specified spaces.
feature
(object) Contains privileges for specific features. When the feature privileges are specified, you are unable to use the base section. To retrieve a list of available features, use the features API.
spaces
(list) The spaces to apply the privileges to. To grant access to all spaces, set to ["*"], or omit the value.

Query parametersedit

createOnly
(Optional, boolean) When true, will prevent overwriting the role if it already exists.

Response codeedit

204
Indicates a successful call.
409
When createOnly is true, indicates a conflict with an existing role.

Examplesedit

Grant access to various features in all spaces:

$ curl -X PUT api/security/role/my_kibana_role
{
  "metadata": {
    "version": 1
  },
  "elasticsearch": {
    "cluster": [ ],
    "indices": [ ]
  },
  "kibana": [
    {
      "base": [ ],
      "feature": {
       "discover": [ "all" ],
        "visualize": [ "all" ],
        "dashboard": [ "all" ],
        "dev_tools": [ "read" ],
        "advancedSettings": [ "read" ],
        "indexPatterns": [ "read" ],
        "graph": [ "all" ],
        "apm": [ "read" ],
        "maps": [ "read" ],
        "canvas": [ "read" ],
        "infrastructure": [ "all" ],
        "logs": [ "all" ],
        "uptime": [ "all"  ]
      },
      "spaces": [ "*" ]
    }
  ]
}

Grant dashboard-only access to only the Marketing space:

$ curl -X PUT api/security/role/my_kibana_role
{
  "metadata": {
    "version": 1
  },
  "elasticsearch": {
    "cluster": [ ],
    "indices": [ ]
  },
  "kibana": [
    {
      "base": [ ],
      "feature": {
        "dashboard": [ "read" ]
      },
      "spaces": [ "marketing" ]
    }
  ]
}

Grant full access to all features in the Default space:

$ curl -X PUT api/security/role/my_kibana_role
{
  "metadata": {
    "version": 1
  },
  "elasticsearch": {
    "cluster": [ ],
    "indices": [ ]
  },
  "kibana": [
    {
      "base": [ "all" ],
      "feature": { },
      "spaces": [ "default" ]
    }
  ]
}

Grant different access to different spaces:

$ curl -X PUT api/security/role/my_kibana_role
{
  "metadata": {
    "version": 1
  },
  "elasticsearch": {
    "cluster": [ ],
    "indices": [ ]
  },
  "kibana": [
    {
      "base": [ ],
      "feature": {
        "discover": [ "all" ],
        "dashboard": [ "all" ]
      },
      "spaces": [ "default" ]
    },
    {
      "base": [ "read"] ,
      "spaces": [ "marketing", "sales" ]
    }
  ]
}

Grant access to Kibana and Elasticsearch:

$ curl -X PUT api/security/role/my_kibana_role
{
  "metadata": {
    "version": 1
  },
  "elasticsearch": {
    "cluster": [ "all" ],
    "indices": [
      {
        "names": [ "index1", "index2" ],
        "privileges": [ "all" ]
      }
    ],
    "remote_indices": [
      {
        "clusters": [ "remote_cluster1" ],
        "names": [ "remote_index1", "remote_index2" ],
        "privileges": [ "all" ]
      }
    ]
  },
  "kibana": [
    {
      "base": [ "all" ],
      "feature": { },
      "spaces": [ "default" ]
    }
  ]
}