Get roles Generally available

GET /_security/role/{name}
Api key auth

All methods and paths for this operation:

GET /_security/role

GET /_security/role/{name}

Get roles in the native realm. The role management APIs are generally the preferred way to manage roles, rather than using file-based role management. The get roles API cannot retrieve roles that are defined in roles files.

Required authorization

  • Cluster privileges: read_security

Path parameters

  • name string | array[string] Required

    The name of the role. You can specify multiple roles as a comma-separated list. If you do not specify this parameter, the API returns information about all roles.

Responses

  • 200 application/json
    Hide response attribute Show response attribute object
    • * object Additional properties
      Hide * attributes Show * attributes object
      • cluster array[string] Required
      • indices array[object] Required
        Hide indices attributes Show indices attributes object
        • field_security object
          Hide field_security attributes Show field_security attributes object
          • except string | array[string]
          • grant string | array[string]

        • names string | array[string] Required

          A list of indices (or index name patterns) to which the permissions in this entry apply.

          One of:
          IndexName string array-2 array[string]
        • privileges array[string] Required

          The index level privileges that owners of the role have on the specified indices.

        • query string | object

          While creating or updating a role you can provide either a JSON structure or a string to the API. However, the response provided by Elasticsearch will only be string with a json-as-text content.

          Since this is embedded in IndicesPrivileges, the same structure is used for clarity in both contexts.

          One of:
          string-1 string QueryContainer object RoleTemplateQuery object

          An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.

          External documentation
      • metadata object Required
        Hide metadata attribute Show metadata attribute object
        • * object Additional properties
      • description string
      • run_as array[string]
      • transient_metadata object
        Hide transient_metadata attribute Show transient_metadata attribute object
        • * object Additional properties
      • applications array[object] Required
        Hide applications attributes Show applications attributes object
        • application string Required

          The name of the application to which this entry applies.

        • privileges array[string] Required

          A list of strings, where each element is the name of an application privilege or action.

        • resources array[string] Required

          A list resources to which the privileges are applied.

      • role_templates array[object]
        Hide role_templates attributes Show role_templates attributes object
        • format string

          Values are string or json.

        • template object Required
          Hide template attributes Show template attributes object

          • source string | object

            One of:
            string-1 string SearchRequestBody object
          • id string
          • params object

            Specifies any named parameters that are passed into the script as variables. Use parameters instead of hard-coded values to decrease compile time.

            Hide params attribute Show params attribute object
            • * object Additional properties

          • lang string

            Any of:
            string-1 string string-2 string

            Values are painless, expression, mustache, or java.

          • options object
            Hide options attribute Show options attribute object
            • * string Additional properties
      • global object Generally available
        Hide global attribute Show global attribute object
        • * object Additional properties
          Hide * attribute Show * attribute object
          • * object Additional properties
            Hide * attribute Show * attribute object
            • * array[string] Additional properties
GET /_security/role/{name} 
GET /_security/role/my_admin_role 
resp = client.security.get_role( name="my_admin_role", )
const response = await client.security.getRole({ name: "my_admin_role", });
response = client.security.get_role( name: "my_admin_role" )
$resp = $client->security()->getRole([ "name" => "my_admin_role", ]);
curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_security/role/my_admin_role"
client.security().getRole(g -> g .name("my_admin_role") );
Response examples (200)
A successful response from `GET /_security/role/my_admin_role`. The response contains information about the `my_admin_role` role in the native realm. 
{ "my_admin_role": { "description": "Grants full access to all management features within the cluster.", "cluster" : [ "all" ], "indices" : [ { "names" : [ "index1", "index2" ], "privileges" : [ "all" ], "allow_restricted_indices" : false, "field_security" : { "grant" : [ "title", "body" ]} } ], "applications" : [ ], "run_as" : [ "other_user" ], "metadata" : { "version" : 1 }, "transient_metadata": { "enabled": true } } }