Bulk delete roles Generally available; Added in 8.15.0

DELETE /_security/role

The role management APIs are generally the preferred way to manage roles, rather than using file-based role management. The bulk delete roles API cannot delete roles that are defined in roles files.

Required authorization

  • Cluster privileges: manage_security

Query parameters

  • refresh string

    If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes.

    Values are true, false, or wait_for.

application/json

Body Required

  • names array[string] Required

    An array of role names to delete

Responses

  • 200 application/json
    Hide response attributes Show response attributes object
    • deleted array[string]

      Array of deleted roles

    • not_found array[string]

      Array of roles that could not be found

    • errors object
      Hide errors attributes Show errors attributes object
      • count number Required

        The number of errors

      • details object Required

        Details about the errors, keyed by role name

        Hide details attribute Show details attribute object
        • * object

          Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.

          Hide * attributes Show * attributes object
          • type string Required

            The type of error

          • reason string | null

            A human-readable explanation of the error, in English.

          • stack_trace string

            The server stack trace. Present only if the error_trace=true parameter was sent with the request.

          • caused_by object

            Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.

          • root_cause array[object]

            Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.

            Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.

          • suppressed array[object]

            Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.

            Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.

DELETE /_security/role { "names": ["my_admin_role", "my_user_role"] }
resp = client.security.bulk_delete_role( names=[ "my_admin_role", "my_user_role" ], )
const response = await client.security.bulkDeleteRole({ names: ["my_admin_role", "my_user_role"], });
response = client.security.bulk_delete_role( body: { "names": [ "my_admin_role", "my_user_role" ] } )
$resp = $client->security()->bulkDeleteRole([ "body" => [ "names" => array( "my_admin_role", "my_user_role", ), ], ]);
curl -X DELETE -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"names":["my_admin_role","my_user_role"]}' "$ELASTICSEARCH_URL/_security/role"
client.security().bulkDeleteRole(b -> b .names(List.of("my_admin_role","my_user_role")) ); 
Request example
Run DELETE /_security/role` to delete `my_admin_role` and `my_user_role` roles.
{ "names": ["my_admin_role", "my_user_role"] }
A successful response from `DELETE /_security/role`.
{ "deleted": [ "my_admin_role", "my_user_role" ] }
A partially successful response from `DELETE /_security/role`. If a role cannot be found, it appears in the `not_found` list in the response.
{ "deleted": [ "my_admin_role" ], "not_found": [ "not_an_existing_role" ] }
A partially successful response from `DELETE /_security/role`. If part of a request fails or is invalid, the response includes `errors`.
{ "deleted": [ "my_admin_role" ], "errors": { "count": 1, "details": { "superuser": { "type": "illegal_argument_exception", "reason": "role [superuser] is reserved and cannot be deleted" } } } }