Suggest user profile API

Suggest user profile API

New API reference

For the most up-to-date API details, refer to Security APIs.

The user profile feature is designed only for use by Kibana and Elastic’s Observability, Enterprise Search, and Elastic Security solutions. Individual users and external applications should not call this API directly. Elastic reserves the right to change or remove this feature in future releases without prior notice.

Get suggestions for user profiles that match specified search criteria.

Request

GET /_security/profile/_suggest

POST /_security/profile/_suggest

Prerequisites

To use this API, you must have at least the read_security cluster privilege (or a greater privilege such as manage_user_profile or manage_security).

Query parameters

data

(Optional, string) Comma-separated list of filters for the data field of the profile document. To return all content, use data=*. To return a subset of content, use data=<key> to retrieve the content nested under the specified <key>. Defaults to returning no content.

Request body

name

(Optional, string) Query string used to match name-related fields in user profile documents. Name-related fields are the user’s username, full_name and email.

size

(Optional, integer) Number of profiles to return. Defaults to 10.

data

(Optional, string) Comma-separated list of filters for the data field of the profile document. It works the same way as the data query parameter.

It is an error to specify data as both the query parameter and the request body field.

hint

(Optional, object) Extra search criteria to improve relevance of the suggestion result. A profile matching the specified hint is ranked higher in the response. But not-matching the hint does not exclude a profile from the response as long as it matches the name field query.

Properties of hint:

  • uids

    (Optional, list of strings) A list of Profile UIDs to match against.

    labels

    (Optional, object) A single key-value pair to match against the labels section of a profile. The key must be a string and the value must be either a string or a list of strings. A profile is considered matching if it matches at least one of the strings.

Response body

total

(object) Metadata about the number of matching profiles.

took

(integer) Milliseconds it took Elasticsearch to execute the request.

profiles

(array of objects) List of profile documents, ordered by relevance, that match the search criteria.

Examples

The following request get suggestions for profile documents with name-related fields matching jack. It specifies both uids and labels hints for better relevance:

  1. resp = client.security.suggest_user_profiles(
  2. name="jack",
  3. hint={
  4. "uids": [
  5. "u_8RKO7AKfEbSiIHZkZZ2LJy2MUSDPWDr3tMI_CkIGApU_0",
  6. "u_79HkWkwmnBH5gqFKwoxggWPjEBOur1zLPXQPEl1VBW0_0"
  7. ],
  8. "labels": {
  9. "direction": [
  10. "north",
  11. "east"
  12. ]
  13. }
  14. },
  15. )
  16. print(resp)
  1. const response = await client.security.suggestUserProfiles({
  2. name: "jack",
  3. hint: {
  4. uids: [
  5. "u_8RKO7AKfEbSiIHZkZZ2LJy2MUSDPWDr3tMI_CkIGApU_0",
  6. "u_79HkWkwmnBH5gqFKwoxggWPjEBOur1zLPXQPEl1VBW0_0",
  7. ],
  8. labels: {
  9. direction: ["north", "east"],
  10. },
  11. },
  12. });
  13. console.log(response);
  1. POST /_security/profile/_suggest
  2. {
  3. "name": "jack",
  4. "hint": {
  5. "uids": [
  6. "u_8RKO7AKfEbSiIHZkZZ2LJy2MUSDPWDr3tMI_CkIGApU_0",
  7. "u_79HkWkwmnBH5gqFKwoxggWPjEBOur1zLPXQPEl1VBW0_0"
  8. ],
  9. "labels": {
  10. "direction": ["north", "east"]
  11. }
  12. }
  13. }

A profile’s name-related fields must match jack for it to be included in the response.

The uids hint include profile UIDs for both user jackspa and jacknich.

The labels hint ranks profiles higher if their direction label matches either north or east.

The API returns:

  1. {
  2. "took": 30,
  3. "total": {
  4. "value": 3,
  5. "relation": "eq"
  6. },
  7. "profiles": [
  8. {
  9. "uid": "u_79HkWkwmnBH5gqFKwoxggWPjEBOur1zLPXQPEl1VBW0_0",
  10. "user": {
  11. "username": "jacknich",
  12. "roles": [ "admin", "other_role1" ],
  13. "realm_name": "native",
  14. "email" : "jacknich@example.com",
  15. "full_name": "Jack Nicholson"
  16. },
  17. "labels": {
  18. "direction": "north"
  19. },
  20. "data": {}
  21. },
  22. {
  23. "uid": "u_8RKO7AKfEbSiIHZkZZ2LJy2MUSDPWDr3tMI_CkIGApU_0",
  24. "user": {
  25. "username": "jackspa",
  26. "roles": [ "user" ],
  27. "realm_name": "native",
  28. "email" : "jackspa@example.com",
  29. "full_name": "Jack Sparrow"
  30. },
  31. "labels": {
  32. "direction": "south"
  33. },
  34. "data": {}
  35. },
  36. {
  37. "uid": "u_P_0BMHgaOK3p7k-PFWUCbw9dQ-UFjt01oWJ_Dp2PmPc_0",
  38. "user": {
  39. "username": "jackrea",
  40. "roles": [ "admin" ],
  41. "realm_name": "native",
  42. "email" : "jackrea@example.com",
  43. "full_name": "Jack Reacher"
  44. },
  45. "labels": {
  46. "direction": "west"
  47. },
  48. "data": {}
  49. }
  50. ]
  51. }

User jacknich is ranked highest because the profile matches both the uids and labels hints

User jackspa is ranked second because the profile matches only the uids hint

User jackrea is ranked lowest because the profile does not match any hints. However, it is not excluded from the response because it matches the name query.