Docs
-->
Elasticsearch Reference [7.0] » X-Pack APIs » Security APIs » Get application privileges API
«  Get API key information API     Get role mappings API  »

Get application privileges API

Retrieves application privileges.

Request

GET /_security/privilege

GET /_security/privilege/<application>

GET /_security/privilege/<application>/<privilege>

Description

To check a user’s application privileges, use the has privileges API.

Path Parameters

application
(string) The name of the application. Application privileges are always associated with exactly one application. If you do not specify this parameter, the API returns information about all privileges for all applications.
privilege
(string) The name of the privilege. If you do not specify this parameter, the API returns information about all privileges for the requested application.

Authorization

To use this API, you must have either:

  • the manage_security cluster privilege (or a greater privilege such as all); or
  • the "Manage Application Privileges" global privilege for the application being referenced in the request

Examples

The following example retrieves information about the read privilege for the app01 application:

GET /_security/privilege/myapp/read

A successful call returns an object keyed by application name and privilege name. If the privilege is not defined, the request responds with a 404 status.

{
  "myapp": {
    "read": {
      "application": "myapp",
      "name": "read",
      "actions": [
        "data:read/*",
        "action:login"
      ],
      "metadata": {
        "description": "Read access to myapp"
      }
    }
  }
}

To retrieve all privileges for an application, omit the privilege name:

GET /_security/privilege/myapp/

To retrieve every privilege, omit both the application and privilege names:

GET /_security/privilege/
«  Get API key information API     Get role mappings API  »