mirror of
https://github.com/elastic/elasticsearch.git
synced 2025-04-24 23:27:25 -04:00
255c9a7f95
**Problem:** For historical reasons, source files for the Elasticsearch Guide's security, watcher, and Logstash API docs are housed in the `x-pack/docs` directory. This can confuse new contributors who expect Elasticsearch Guide docs to be located in `docs/reference`. **Solution:** - Move the security, watcher, and Logstash API doc source files to the `docs/reference` directory - Update doc snippet tests to use security Rel: https://github.com/elastic/platform-docs-team/issues/208
31 lines
1.1 KiB
Text
31 lines
1.1 KiB
Text
[role="xpack"]
|
|
[[role-restriction]]
|
|
=== Role restriction
|
|
|
|
Role restriction can be used to specify conditions under which a role should be effective.
|
|
When conditions are not met, the role will be disabled, which will result in access being denied.
|
|
Not specifying restriction means the role is not restricted and thus always effective.
|
|
This is the default behaviour.
|
|
|
|
--
|
|
NOTE: Currently, the role restriction is only supported for <<security-api-create-api-key, API keys>>,
|
|
with limitation that the API key can only have a single role descriptor.
|
|
--
|
|
|
|
[[workflows-restriction]]
|
|
==== Workflows
|
|
|
|
Workflows allow to restrict the role to be effective exclusively when calling certain REST APIs.
|
|
Calling a REST API that is not allowed by a workflow, will result in the role being disabled.
|
|
The below section lists workflows that you can restrict the role to:
|
|
|
|
`search_application_query`::: This workflow restricts the role to the <<search-application-search, Search Application Search API>> only.
|
|
|
|
--
|
|
NOTE: Workflow names are case-sensitive.
|
|
--
|
|
|
|
[discrete]
|
|
==== Examples
|
|
|
|
include::../../rest-api/security/create-api-keys.asciidoc[tag=create-api-key-with-role-restriction-example]
|