API. How can I add indexes to a role?


(Pavel Bogdanov) #1

Hello guys

Suppose there is a role:

#GET /_xpack/security/role/role-name

{
  "role-name": {
    "cluster": [
      "monitor",
      "manage_index_templates"
    ],
    "indices": [
      {
        "names": [
          "index1-*",
          "index2-*",
          "index3-*"
        ],
        "privileges": [
          "read",
          "write",
          "create_index"
        ],
        "field_security": {
          "grant": [
            "*"
          ]
        }
      }
    ],
    "run_as": [],
    "metadata": {},
    "transient_metadata": {
      "enabled": true
    }
  }
}

What kind of request should I send to get this?:

{
  "role-name": {
    "cluster": [
      "monitor",
      "manage_index_templates"
    ],
    "indices": [
      {
        "names": [
          "index1-*",
          "index2-*",
          "index3-*"
        ],
        "privileges": [
          "read",
          "write",
          "create_index"
        ],
        "field_security": {
          "grant": [
            "*"
          ]
        }
      },
      {
        "names": [
          "index-other1-*"
        ],
        "privileges": [
          "read",
          "write",
          "create_index"
        ],
        "field_security": {
          "grant": [
            "*"
          ]
        }
      }
    ],
    "run_as": [],
    "metadata": {},
    "transient_metadata": {
      "enabled": true
    }
  }
}

That is, I want to add privileges to another index.
Is there a way of not requesting current role permissions, but adding new permissions?

I tried this method, but it overwrites the data:

#PUT /_xpack/security/role/role-name

{
  "indices": [
    {
      "names": [
        "index-other1-*"
      ],
      "privileges": [
        "read",
        "write",
        "create_index"
      ],
      "field_security" : {
        "grant" : [ 
          "*"
        ]
      }
    }
  ]
}

(Tim Vernum) #2

There are no partial update options in the security APIs.

If you want to update a role, then you need to use a GET request, then merge your changes into the JSON and send that as a PUT.
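
The GET, merge, PUT sequence described in the reply above, as an added example that is not part of the original thread or Elastic's own code. The names `merge_index_grant`, `update_role`, `base_url` and `auth_header` are hypothetical; the endpoint path and role JSON are the ones shown in the question, and dropping `transient_metadata` before the PUT is an assumption.

```python
import copy
import json
import urllib.request

# Fields the GET response reports but that are not part of the role definition
# sent back on PUT (assumption: dropped here rather than echoed to the server).
SERVER_ONLY_FIELDS = ("transient_metadata",)


def merge_index_grant(get_response, role_name, new_grant):
    """Return the PUT body for role_name with new_grant added to "indices".

    get_response is the parsed JSON from GET /_xpack/security/role/<name>,
    which wraps the definition under the role name. The input is not mutated.
    """
    role = copy.deepcopy(get_response[role_name])
    for field in SERVER_ONLY_FIELDS:
        role.pop(field, None)
    indices = role.setdefault("indices", [])
    # Idempotent: re-running must not append a duplicate grant.
    if new_grant not in indices:
        indices.append(copy.deepcopy(new_grant))
    return role


def update_role(base_url, auth_header, role_name, new_grant):
    """GET the role, merge, PUT the full definition back (needs a live cluster)."""
    url = f"{base_url}/_xpack/security/role/{role_name}"
    headers = {"Authorization": auth_header, "Content-Type": "application/json"}
    with urllib.request.urlopen(urllib.request.Request(url, headers=headers)) as r:
        current = json.load(r)
    body = json.dumps(merge_index_grant(current, role_name, new_grant)).encode()
    put = urllib.request.Request(url, data=body, headers=headers, method="PUT")
    with urllib.request.urlopen(put) as r:
        return json.load(r)


# Constructed sample: the GET response and the new grant from the question.
_GRANT = {"privileges": ["read", "write", "create_index"],
          "field_security": {"grant": ["*"]}}
SAMPLE_GET = {"role-name": {
    "cluster": ["monitor", "manage_index_templates"],
    "indices": [dict(_GRANT, names=["index1-*", "index2-*", "index3-*"])],
    "run_as": [], "metadata": {}, "transient_metadata": {"enabled": True}}}
NEW_GRANT = dict(_GRANT, names=["index-other1-*"])

if __name__ == "__main__":
    print(json.dumps(merge_index_grant(SAMPLE_GET, "role-name", NEW_GRANT), indent=2))
```

Because the PUT replaces the whole role, a change made by someone else between the GET and the PUT is overwritten, so role edits are best serialized through one tool or pipeline.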


(Pavel Bogdanov) #3

Thank you, Tim

That's exactly what I did

Is it worth hoping that this method/request will be added?
Or is it absent for security/architecture reasons?


(system) #4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.