Get service accounts Generally available; Added in 7.13.0

GET /_security/service/{namespace}/{service}
Api key auth Basic auth Bearer auth

All methods and paths for this operation:

GET /_security/service

GET /_security/service/{namespace}
GET /_security/service/{namespace}/{service}

Get a list of service accounts that match the provided path parameters.

NOTE: Currently, only the elastic/fleet-server service account is available.

Required authorization

  • Cluster privileges: manage_service_account
External documentation

Path parameters

  • namespace string Required

    The name of the namespace. Omit this parameter to retrieve information about all service accounts. If you omit this parameter, you must also omit the service parameter.

  • service string Required

    The service name. Omit this parameter to retrieve information about all service accounts that belong to the specified namespace.

Responses

  • 200 application/json
    Hide response attribute Show response attribute object
    • * object Additional properties
      Hide * attribute Show * attribute object
      • role_descriptor object Required
        Hide role_descriptor attributes Show role_descriptor attributes object
        • cluster array[string] Required

          A list of cluster privileges. These privileges define the cluster level actions that API keys are able to execute.

        • indices array[object] Required

          A list of indices permissions entries.

          Hide indices attributes Show indices attributes object
          • field_security object
            Hide field_security attributes Show field_security attributes object
            • except string | array[string]
            • grant string | array[string]

          • names string | array[string] Required

            A list of indices (or index name patterns) to which the permissions in this entry apply.

            One of:
            IndexName string array-2 array[string]
          • privileges array[string] Required

            The index level privileges that owners of the role have on the specified indices.

          • query string | object

            While creating or updating a role you can provide either a JSON structure or a string to the API. However, the response provided by Elasticsearch will only be string with a json-as-text content.

            Since this is embedded in IndicesPrivileges, the same structure is used for clarity in both contexts.

            One of:
            string-1 string QueryContainer object RoleTemplateQuery object

            An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.

          • allow_restricted_indices boolean Generally available

            Set to true if using wildcard or regular expressions for patterns that cover restricted indices. Implicitly, restricted indices have limited privileges that can cause pattern tests to fail. If restricted indices are explicitly included in the names list, Elasticsearch checks privileges against these indices regardless of the value set for allow_restricted_indices.

            Default value is false.

        • remote_indices array[object] Generally available; Added in 8.14.0

          A list of indices permissions for remote clusters.

          The subset of index level privileges that can be defined for remote clusters.

          Hide remote_indices attributes Show remote_indices attributes object
          • clusters string | array[string] Required
          • field_security object
            Hide field_security attributes Show field_security attributes object
            • except string | array[string]
            • grant string | array[string]

          • names string | array[string] Required

            A list of indices (or index name patterns) to which the permissions in this entry apply.

            One of:
            IndexName string array-2 array[string]
          • privileges array[string] Required

            The index level privileges that owners of the role have on the specified indices.

          • query string | object

            While creating or updating a role you can provide either a JSON structure or a string to the API. However, the response provided by Elasticsearch will only be string with a json-as-text content.

            Since this is embedded in IndicesPrivileges, the same structure is used for clarity in both contexts.

            One of:
            string-1 string QueryContainer object RoleTemplateQuery object

            An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.

          • allow_restricted_indices boolean Generally available

            Set to true if using wildcard or regular expressions for patterns that cover restricted indices. Implicitly, restricted indices have limited privileges that can cause pattern tests to fail. If restricted indices are explicitly included in the names list, Elasticsearch checks privileges against these indices regardless of the value set for allow_restricted_indices.

            Default value is false.

        • remote_cluster array[object] Generally available; Added in 8.15.0

          A list of cluster permissions for remote clusters. NOTE: This is limited a subset of the cluster permissions.

          The subset of cluster level privileges that can be defined for remote clusters.

          Hide remote_cluster attributes Show remote_cluster attributes object
          • clusters string | array[string] Required
          • privileges array[string] Required

            The cluster level privileges that owners of the role have on the remote cluster.

            Values are monitor_enrich or monitor_stats.

        • global array[object] | object

          An object defining global privileges. A global privilege is a form of cluster privilege that is request-aware. Support for global privileges is currently limited to the management of application privileges.

          One of:
          array-1 array[object] GlobalPrivilege object
          Hide attribute Show attribute object
          • application object Required
        • applications array[object]

          A list of application privilege entries

          Hide applications attributes Show applications attributes object
          • application string Required

            The name of the application to which this entry applies.

          • privileges array[string] Required

            A list of strings, where each element is the name of an application privilege or action.

          • resources array[string] Required

            A list resources to which the privileges are applied.

        • metadata object
          Hide metadata attribute Show metadata attribute object
          • * object Additional properties
        • run_as array[string]

          A list of users that the API keys can impersonate.

        • description string

          An optional description of the role descriptor.

        • restriction object
          Hide restriction attribute Show restriction attribute object
          • workflows array[string] Required

            A list of workflows to which the API key is restricted. NOTE: In order to use a role restriction, an API key must be created with a single role descriptor.

        • transient_metadata object
          Hide transient_metadata attribute Show transient_metadata attribute object
          • * object Additional properties
GET /_security/service/{namespace}/{service} 
GET /_security/service/elastic/fleet-server 
resp = client.security.get_service_accounts( namespace="elastic", service="fleet-server", )
const response = await client.security.getServiceAccounts({ namespace: "elastic", service: "fleet-server", });
response = client.security.get_service_accounts( namespace: "elastic", service: "fleet-server" )
$resp = $client->security()->getServiceAccounts([ "namespace" => "elastic", "service" => "fleet-server", ]);
curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_security/service/elastic/fleet-server"
client.security().getServiceAccounts(g -> g .namespace("elastic") .service("fleet-server") );
Response examples (200)
A successful response from `GET /_security/service/elastic/fleet-server`. The response contains information about the `elastic/fleet-server` service account. 
{ "elastic/fleet-server": { "role_descriptor": { "cluster": [ "monitor", "manage_own_api_key", "read_fleet_secrets" ], "indices": [ { "names": [ "logs-*", "metrics-*", "traces-*", ".logs-endpoint.diagnostic.collection-*", ".logs-endpoint.action.responses-*", ".logs-endpoint.heartbeat-*" ], "privileges": [ "write", "create_index", "auto_configure" ], "allow_restricted_indices": false }, { "names": [ "profiling-*" ], "privileges": [ "read", "write" ], "allow_restricted_indices": false }, { "names": [ "traces-apm.sampled-*" ], "privileges": [ "read", "monitor", "maintenance" ], "allow_restricted_indices": false }, { "names": [ ".fleet-secrets*" ], "privileges": [ "read" ], "allow_restricted_indices": true }, { "names": [ ".fleet-actions*" ], "privileges": [ "read", "write", "monitor", "create_index", "auto_configure", "maintenance" ], "allow_restricted_indices": true }, { "names": [ ".fleet-agents*" ], "privileges": [ "read", "write", "monitor", "create_index", "auto_configure", "maintenance" ], "allow_restricted_indices": true }, { "names": [ ".fleet-artifacts*" ], "privileges": [ "read", "write", "monitor", "create_index", "auto_configure", "maintenance" ], "allow_restricted_indices": true }, { "names": [ ".fleet-enrollment-api-keys*" ], "privileges": [ "read", "write", "monitor", "create_index", "auto_configure", "maintenance" ], "allow_restricted_indices": true }, { "names": [ ".fleet-policies*" ], "privileges": [ "read", "write", "monitor", "create_index", "auto_configure", "maintenance" ], "allow_restricted_indices": true }, { "names": [ ".fleet-policies-leader*" ], "privileges": [ "read", "write", "monitor", "create_index", "auto_configure", "maintenance" ], "allow_restricted_indices": true }, { "names": [ ".fleet-servers*" ], "privileges": [ "read", "write", "monitor", "create_index", "auto_configure", "maintenance" ], "allow_restricted_indices": true }, { "names": [ ".fleet-fileds*" ], "privileges": [ "read", "write", "monitor", "create_index", "auto_configure", "maintenance" ], "allow_restricted_indices": true }, { "names": [ "synthetics-*" ], "privileges": [ "read", "write", "create_index", "auto_configure" ], "allow_restricted_indices": false } ], "applications": [ { "application": "kibana-*", "privileges": [ "reserved_fleet-setup" ], "resources": [ "*" ] } ], "run_as": [], "metadata": {}, "transient_metadata": { "enabled": true } } } }