Get roles API

New API reference

For the most up-to-date API details, refer to Security APIs.

Retrieves roles in the native realm.

Request

GET /_security/role

GET /_security/role/<name>

Prerequisites

  • To use this API, you must have at least the read_security cluster privilege.

Description

The role management APIs are generally the preferred way to manage roles, rather than using file-based role management. The get roles API cannot retrieve roles that are defined in roles files.

Path parameters

name

(Optional, string) The name of the role. You can specify multiple roles as a comma-separated list. If you do not specify this parameter, the API returns information about all roles.

Response body

A successful call returns an array of roles with the JSON representation of each role. The returned role format is a simple extension of the role definition format that adds one extra field, transient_metadata.enabled. This field is false when the role is automatically disabled, for example when the license level does not allow some permissions that the role grants.

Response codes

If the role is not defined in the native realm, the request returns 404.

Examples

The following example retrieves information about the my_admin_role role in the native realm:

    resp = client.security.get_role(
        name="my_admin_role",
    )
    print(resp)

    const response = await client.security.getRole({
      name: "my_admin_role",
    });
    console.log(response);

    GET /_security/role/my_admin_role

    {
      "my_admin_role": {
        "description": "Grants full access to all management features within the cluster.",
        "cluster" : [ "all" ],
        "indices" : [
          {
            "names" : [ "index1", "index2" ],
            "privileges" : [ "all" ],
            "allow_restricted_indices" : false,
            "field_security" : {
              "grant" : [ "title", "body" ]
            }
          }
        ],
        "applications" : [ ],
        "run_as" : [ "other_user" ],
        "metadata" : {
          "version" : 1
        },
        "transient_metadata": {
          "enabled": true
        }
      }
    }

To retrieve all roles, omit the role name:

    resp = client.security.get_role()
    print(resp)

    const response = await client.security.getRole();
    console.log(response);

    GET /_security/role
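
The response format described above lends itself to a least-privilege review. The following is an added example, not part of the Elasticsearch documentation: the function audit_roles, the review rules, and the two roles marked as constructed are assumptions for illustration, and the field names are the ones shown in the example response on this page.

```python
# Added example: audit roles in the shape returned by GET /_security/role.
# Field names come from the response on this page; the review rules and the
# two extra sample roles are constructed for illustration.

def audit_roles(roles):
    """Map each role name to a list of findings; clean roles are omitted."""
    report = {}
    for name, role in roles.items():
        findings = []
        # transient_metadata.enabled is false for automatically disabled roles.
        if not role.get("transient_metadata", {}).get("enabled", True):
            findings.append("disabled")
        if "all" in role.get("cluster", []):
            findings.append("cluster:all")
        for entry in role.get("indices", []):
            names = ",".join(entry.get("names", []))
            if "all" in entry.get("privileges", []):
                findings.append(f"index-all:{names}")
            if entry.get("allow_restricted_indices", False):
                findings.append(f"restricted-indices:{names}")
        for user in role.get("run_as", []):
            findings.append(f"run_as:{user}")
        if findings:
            report[name] = findings
    return report


SAMPLE_RESPONSE = {
    "my_admin_role": {  # copied from the example response on this page
        "cluster": ["all"],
        "indices": [{"names": ["index1", "index2"], "privileges": ["all"],
                     "allow_restricted_indices": False,
                     "field_security": {"grant": ["title", "body"]}}],
        "applications": [], "run_as": ["other_user"],
        "metadata": {"version": 1}, "transient_metadata": {"enabled": True},
    },
    "constructed_disabled_role": {  # constructed: auto-disabled role
        "cluster": [], "run_as": [],
        "indices": [{"names": ["index3"], "privileges": ["read"],
                     "allow_restricted_indices": True}],
        "transient_metadata": {"enabled": False},
    },
    "constructed_reader_role": {  # constructed: nothing to flag
        "cluster": [], "run_as": [],
        "indices": [{"names": ["index1"], "privileges": ["read"],
                     "allow_restricted_indices": False}],
        "transient_metadata": {"enabled": True},
    },
}
```

Against a live cluster, pass the body returned by client.security.get_role() to audit_roles in place of SAMPLE_RESPONSE.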