我的书签
添加书签
移除书签Get service accounts API
Get service accounts API
Retrieves information about service accounts.
Currently, only the elastic/fleet-server service account is available.
Request
GET /_security/service
GET /_security/service/<namespace>
GET /_security/service/<namespace>/<service>
Prerequisites
- To use this API, you must have at least the
manage_service_accountcluster privilege.
Description
This API returns a list of service accounts that match the provided path parameter(s).
Path parameters
namespace
(Optional, string) Name of the namespace. Omit this parameter to retrieve information about all service accounts. If you omit this parameter, you must also omit the service parameter.
service
(Optional, string) Name of the service name. Omit this parameter to retrieve information about all service accounts that belong to the specified namespace.
Response body
A successful call returns a JSON object of service accounts. The API returns an empty object if no service account is found.
Examples
To following request retrieves a service account for the elastic/fleet-server service account:
GET /_security/service/elastic/fleet-server
{"elastic/fleet-server": {"role_descriptor": {"cluster": ["monitor","manage_own_api_key"],"indices": [{"names": ["logs-*","metrics-*","traces-*","synthetics-*",".logs-endpoint.diagnostic.collection-*",".logs-endpoint.action.responses-*"],"privileges": ["write","create_index","auto_configure"],"allow_restricted_indices": false},{"names": [".fleet-*"],"privileges": ["read","write","monitor","create_index","auto_configure","maintenance"],"allow_restricted_indices": false}],"applications": [{"application" : "kibana-*","privileges" : ["reserved_fleet-setup"],"resources" : ["*"]}],"run_as": [],"metadata": {},"transient_metadata": {"enabled": true}}}}
Omit the namespace and service to retrieve all service accounts:
GET /_security/service
