原文地址: https://www.elastic.co/guide/en/elasticsearch/reference/7.7/security-api-get-privileges.html, 原文档版权归 www.elastic.co 所有
IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Get application privileges APIedit
Retrieves application privileges.
Requestedit
GET /_security/privilege
GET /_security/privilege/<application>
GET /_security/privilege/<application>/<privilege>
Prerequisitesedit
To use this API, you must have either:
-
the
manage_security
cluster privilege (or a greater privilege such asall
); or - the "Manage Application Privileges" global privilege for the application being referenced in the request
Descriptionedit
To check a user’s application privileges, use the has privileges API.
Path parametersedit
-
application
- (Optional, string) The name of the application. Application privileges are always associated with exactly one application. If you do not specify this parameter, the API returns information about all privileges for all applications.
-
privilege
- (Optional, string) The name of the privilege. If you do not specify this parameter, the API returns information about all privileges for the requested application.
Examplesedit
The following example retrieves information about the read
privilege for the
app01
application:
GET /_security/privilege/myapp/read
A successful call returns an object keyed by application name and privilege name. If the privilege is not defined, the request responds with a 404 status.
{ "myapp": { "read": { "application": "myapp", "name": "read", "actions": [ "data:read/*", "action:login" ], "metadata": { "description": "Read access to myapp" } } } }
To retrieve all privileges for an application, omit the privilege name:
GET /_security/privilege/myapp/
To retrieve every privilege, omit both the application and privilege names:
GET /_security/privilege/