我的书签
添加书签
移除书签Create or update role API
[experimental] This functionality is experimental and may be changed or removed completely in a future release. Elastic will take a best effort approach to fix any issues, but experimental features are not subject to the support SLA of official GA features. Create a new Kibana role, or update the attributes of an existing role. Kibana roles are stored in the Elasticsearch native realm.
Request
PUT <kibana host>:<port>/api/security/role/my_kibana_role
Prerequisite
To use the create or update role API, you must have the manage_security cluster privilege.
Request body
metadata
(Optional, object) In the metadata object, keys that begin with _ are reserved for system usage.
elasticsearch
(Optional, object) Elasticsearch cluster and index privileges. Valid keys include cluster, indices, and run_as. For more information, see Defining roles.
kibana
(list) Objects that specify the Kibana privileges for the role.
Properties of kibana
base(Optional, list) A base privilege. When specified, the base must be
["all"]or["read"]. When thebaseprivilege is specified, you are unable to use thefeaturesection. “all” grants read/write access to all Kibana features for the specified spaces. “read” grants read-only access to all Kibana features for the specified spaces.feature(object) Contains privileges for specific features. When the
featureprivileges are specified, you are unable to use thebasesection. To retrieve a list of available features, use the features API.spaces(list) The spaces to apply the privileges to. To grant access to all spaces, set to
["*"], or omit the value.
Response code
204
Indicates a successful call.
Examples
Grant access to various features in all spaces:
$ curl -X PUT api/security/role/my_kibana_role{"metadata" : {"version" : 1},"elasticsearch": {"cluster" : [ ],"indices" : [ ]},"kibana": [{"base": [],"feature": {"discover": ["all"],"visualize": ["all"],"dashboard": ["all"],"dev_tools": ["read"],"advancedSettings": ["read"],"indexPatterns": ["read"],"timelion": ["all"],"graph": ["all"],"apm": ["read"],"maps": ["read"],"canvas": ["read"],"infrastructure": ["all"],"logs": ["all"],"uptime": ["all"]},"spaces": ["*"]}]}
Grant dashboard-only access to only the Marketing space:
$ curl -X PUT api/security/role/my_kibana_role{"metadata" : {"version" : 1},"elasticsearch": {"cluster" : [ ],"indices" : [ ]},"kibana": [{"base": [],"feature": {"dashboard": ["read"]},"spaces": ["marketing"]}]}
Grant full access to all features in the Default space:
$ curl -X PUT api/security/role/my_kibana_role{"metadata" : {"version" : 1},"elasticsearch": {"cluster" : [ ],"indices" : [ ]},"kibana": [{"base": ["all"],"feature": {},"spaces": ["default"]}]}
Grant different access to different spaces:
$ curl -X PUT api/security/role/my_kibana_role{"metadata" : {"version" : 1},"elasticsearch": {"cluster" : [ ],"indices" : [ ]},"kibana": [{"base": [],"feature": {"discover": ["all"],"dashboard": ["all"]},"spaces": ["default"]},{"base": ["read"],"spaces": ["marketing","sales"]}]}
Grant access to Kibana and Elasticsearch:
$ curl -X PUT api/security/role/my_kibana_role{"metadata" : {"version" : 1},"elasticsearch": {"cluster" : [ "all" ],"indices" : [ {"names" : [ "index1", "index2" ],"privileges" : [ "all" ],"field_security" : {"grant" : [ "title", "body" ]},"query" : "{\"match\": {\"title\": \"foo\"}}"} ]},"kibana": [{"base": ["all"],"feature": {},"spaces": ["default"]}]}
