but it throws an error unauthorized user because this user need cluster privilege manage_security but
if I provide this privilege to logged in user then he/she can update other users profiles too
is there any method to update the logged-in profile without granting the manage_security privilege to the user? so that user only only update his or her profile
But if the logged in user is trying to update their profile- it could be done via curl request to grant additional cluster privileges. ( the user should have the privilege to grant more permissions in the first place)
GET /_security/user/_has_privileges
POST /_security/user/_has_privileges
Determines whether the logged in user has a specified list of privileges.
@Azhar_Uddin1 this is not possible today. The Elasticsearch privilege model does not offer this level of granularity at this time.
Within Kibana & ES, we are gradually introducing the concept of a more formal "User Profile", which will eventually allow end-users to customize properties such as their display name, and other preferences. This will be separate from the existing put_user (and related) APIs, however.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.