Is there a way to add additional role to user without specifying full array of roles?


Is there a way to add additional roles for a user per api without specifying the full set of roles (old roles + new role)?

I want to script user creation via ansible and it would be nice if I can just create a new role and add it to the user so that it is only appended.

Thanks, Andreas

It is not possible through the officially supported security APIs.

DISCLAIMER: WARNING! WARNING!! the following content is provided only for discussion purpose. It is NOT recommended or supported in anyway. Doing it is a risk to your cluster integrity. Do NOT do it on your production cluster.

Users from native realms are stored in the .security index as regulard elasticsearch document. Therefore it possible to update it directly just as a normal document. Since the update is done without going through the normal security APIs, cache needs to be cleared before the new roles can be recognised.

I think the proper way forward is to do the extra step of making a request to the GET user API, get the JSON array of roles, add your new one and then perform the PUT request to update the user.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.