callWithRequest security.hasPrivileges not available

I am attempting to use callWithRequest to fetch elastic privilieges so I can customize my user's plugin experience based on whether or not they have access to read/write to an index within elastic.

However, I can't find a single example that explains how to use a sub-object portion of the API in conjunction with callWithRequest.

For instance, I've tried:

callWithRequest(req, 'security.hasPrivileges', {
          user: req.auth.credentials.username,
          body: {
            cluster: 'data',
            index: {
              names: [payload.index],
              privileges: ['write']
        }).then(function (response) {
          return response;
        }).catch(err => {
          return { error: err, message: 'Invalid Check for Security Privileges' };

Try the transport.request method:

callWithRequest(req, 'transport.request', {
  method: 'POST',
  path: '/_security/user/_has_privileges', // see
  body: { ... }

I'm pretty sure the user doesn't need to be specified in options, as it's taken from req.headers

This looks like it works! Thanks! Never encountered this anywhere in the docs as a suggestion (and hours of googling).

Now I'm stuck with the 'current license is non-compliant for [security]' since I'm using the elastic / kibana docker images for development.

Know of any paths I can take to work on developing under these conditions without a license? Or is a temp license a possibility?

I don't know why, but it looks like the reference for this method only shows up under "Examples"

I thought it used to also be under API Reference. I'll check if I'm mistaken.

I'm not sure if there is a decent solution, since that's not the recommended set up for development.

There are a lot of features of security available with a Basic license, if that helps. See Security for Elasticsearch is now free | Elastic Blog

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.