Adds and updates roles in the native realm.
The role API is generally the preferred way to manage roles, rather than using file-based role management. For more information about the native realm, see Realms and Configuring a native realm.
The following parameters can be specified in the body of a PUT or POST request and pertain to adding a role:
applications
(list) A list of application privilege entries.
application
(required)
privileges
resources
cluster
global
indices
(list) A list of indices permissions entries.
field_security
names
(required)
privileges
(required)
query
metadata
metadata
object, keys
that begin with _
are reserved for system usage.
run_as
For more information, see Defining roles.
The following example adds a role called my_admin_role
:
POST /_security/role/my_admin_role { "cluster": ["all"], "indices": [ { "names": [ "index1", "index2" ], "privileges": ["all"], "field_security" : { // optional "grant" : [ "title", "body" ] }, "query": "{\"match\": {\"title\": \"foo\"}}" // optional } ], "applications": [ { "application": "myapp", "privileges": [ "admin", "read" ], "resources": [ "*" ] } ], "run_as": [ "other_user" ], // optional "metadata" : { // optional "version" : 1 } }
A successful call returns a JSON structure that shows whether the role has been created or updated.