API. How can I add indexes to a role?

rebirther · September 16, 2017, 5:47am

Hello guys

Suppose there is a role:

Summary

#GET /_xpack/security/role/role-name

{
  "role-name": {
    "cluster": [
      "monitor",
      "manage_index_templates"
    ],
    "indices": [
      {
        "names": [
          "index1-*",
          "index2-*",
          "index3-*"
        ],
        "privileges": [
          "read",
          "write",
          "create_index"
        ],
        "field_security": {
          "grant": [
            "*"
          ]
        }
      }
    ],
    "run_as": [],
    "metadata": {},
    "transient_metadata": {
      "enabled": true
    }
  }
}

What kind of request should I send to get this?:

Summary

{
  "role-name": {
    "cluster": [
      "monitor",
      "manage_index_templates"
    ],
    "indices": [
      {
        "names": [
          "index1-*",
          "index2-*",
          "index3-*"
        ],
        "privileges": [
          "read",
          "write",
          "create_index"
        ],
        "field_security": {
          "grant": [
            "*"
          ]
        }
      },
      {
        "names": [
          "index-other1-*"
        ],
        "privileges": [
          "read",
          "write",
          "create_index"
        ],
        "field_security": {
          "grant": [
            "*"
          ]
        }
      }
    ],
    "run_as": [],
    "metadata": {},
    "transient_metadata": {
      "enabled": true
    }
  }
}

That is, I want to add privileges to another index.
Is there a way of not requesting current role permissions, but adding new permissions?

I tried this method, but it overwrites the data:

Summary

#PUT /_xpack/security/role/role-name

{
  "indices": [
    {
      "names": [
        "index-other1-*"
      ],
      "privileges": [
        "read",
        "write",
        "create_index"
      ],
      "field_security" : {
        "grant" : [ 
          "*"
        ]
      }
    }
  ]
}

TimV · September 16, 2017, 10:31pm

There are no partial update options in the security APIs.

If you want to update a role, then you need to use a GET request, then merge your changes into the JSON and send that as a PUT.

rebirther · September 17, 2017, 2:00pm

Thank you, Tim

That's exactly what I did

Is it worth hoping that when this method/request is added?
Or is it absent for security/architecture reasons?

system · October 15, 2017, 2:01pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to Build a Role with Java API for indices privileges Elasticsearch elastic-stack-security , language-clients	6	538	January 4, 2022
How to cofigure roles.yml and role-mapping.yml in pki Elasticsearch elastic-stack-security	2	650	July 5, 2019
Role Management - Access to 1 index only Elasticsearch	9	2883	June 27, 2018
Elasticsearch put role API Elasticsearch	2	353	August 19, 2020
Role that would allow a user to create index in ES Elasticsearch elastic-stack-security	5	3653	June 28, 2021

API. How can I add indexes to a role?

Related topics