Bulk delete roles API

Bulk delete roles API

New API reference

For the most up-to-date API details, refer to Security APIs.

Bulk deletes roles in the native realm.

Request

DELETE /_security/role/

Prerequisites

  • To use this API, you must have at least the manage_security cluster privilege.

Description

The role management APIs are generally the preferred way to manage roles, rather than using file-based role management. The bulk delete roles API cannot delete roles that are defined in roles files.

Path parameters

refresh

Optional setting of the refresh policy for the write request. Defaults to Immediate.

Request body

The following parameters can be specified in the body of a DELETE request and pertain to deleting a set of roles:

names

(list) A list of role names to delete.

Examples

The following example deletes a my_admin_role and my_user_role roles:

  1. resp = client.security.bulk_delete_role(
  2.     names=[
  3.         "my_admin_role",
  4.         "my_user_role"
  5.     ],
  6. )
  7. print(resp)
  1. const response = await client.security.bulkDeleteRole({
  2.   names: ["my_admin_role", "my_user_role"],
  3. });
  4. console.log(response);
  1. DELETE /_security/role
  2. {
  3.     "names": ["my_admin_role", "my_user_role"]
  4. }

If the roles are successfully deleted, the request returns:

  1. {
  2.     "deleted": [
  3.         "my_admin_role",
  4.         "my_user_role"
  5.     ]
  6. }

If a role cannot be found, the not found roles are grouped under not_found:

  1. resp = client.security.bulk_delete_role(
  2.     names=[
  3.         "my_admin_role",
  4.         "not_an_existing_role"
  5.     ],
  6. )
  7. print(resp)
  1. const response = await client.security.bulkDeleteRole({
  2.   names: ["my_admin_role", "not_an_existing_role"],
  3. });
  4. console.log(response);
  1. DELETE /_security/role
  2. {
  3.     "names": ["my_admin_role", "not_an_existing_role"]
  4. }
  1. {
  2.     "deleted": [
  3.         "my_admin_role"
  4.     ],
  5.     "not_found": [
  6.         "not_an_existing_role"
  7.     ]
  8. }

If a request fails or is invalid, the errors are grouped under errors:

  1. resp = client.security.bulk_delete_role(
  2.     names=[
  3.         "my_admin_role",
  4.         "superuser"
  5.     ],
  6. )
  7. print(resp)
  1. const response = await client.security.bulkDeleteRole({
  2.   names: ["my_admin_role", "superuser"],
  3. });
  4. console.log(response);
  1. DELETE /_security/role
  2. {
  3.     "names": ["my_admin_role", "superuser"]
  4. }
  1. {
  2.     "deleted": [
  3.         "my_admin_role"
  4.     ],
  5.     "errors": {
  6.         "count": 1,
  7.         "details": {
  8.             "superuser": {
  9.                 "type": "illegal_argument_exception",
  10.                 "reason": "role [superuser] is reserved and cannot be deleted"
  11.             }
  12.         }
  13.     }
  14. }