Config a role in roles.yml but cannot specify some privileges

I defined a customer role in roles.yml such as:

my_user_role:
cluster: [ 'all' ]
indices:
- names: [ '' ]
privileges: [ 'all' ]
applications: ['
']
run_as: ['*']

After starting elasticsearch and logged in kibana to look the roles:

GET /_security/role/my_user_role

I found the run_as and applications are empty arrays , no matter how I put values inside.

Why do the values not shown in privileges such as applications and run_as?

The out put from GET returns :

{
"my_user_role" : {
"cluster" : [
"all"
],
"indices" : [
{
"names" : [
"*"
],
"privileges" : [
"read"
],
"allow_restricted_indices" : false
}
],
"applications" : [ ],
"run_as" : [ ],
"metadata" : { },
"transient_metadata" : {
"enabled" : true
}
}
}

Thank you.

John

Roles defined through the API and roles defined in roles.yml are separate.
You cannot use the API to view roles.yml

1 Like

Thank you Tim. Do you mean I can define role1 in roles.yml and role1 (exactly same name) in API the same time? Which, API one or yml one, will be picked up by elastic search?

It will pick up the yml one.