mirror of
https://github.com/elastic/elasticsearch.git
synced 2025-04-24 23:27:25 -04:00
af99654dac
This commit does the following:
* Add a new monitor_stats privilege
* Ensure that monitor_stats can be set in the remote_cluster privileges
* Give's Kibana the ability to remotely call monitor_stats via RCS 2.0
Since this is the first case where there is more than 1 remote_cluster privilege,
the following framework concern has been added:
* Ensure that when sending to elder RCS 2.0 clusters that we don't send the new privilege
previous only supported all or nothing remote_cluster blocks
* Ensure that we when sending API key role descriptors that contains remote_cluster,
we don't send the new privileges for RCS 1.0/2.0 if it not new enough
* Fix and extend the BWC tests for RCS 1.0 and RCS 2.0
160 lines
4 KiB
Text
160 lines
4 KiB
Text
|
|
[role="xpack"]
|
|
[[security-api-get-builtin-privileges]]
|
|
=== Get builtin privileges API
|
|
++++
|
|
<titleabbrev>Get builtin privileges</titleabbrev>
|
|
++++
|
|
|
|
Retrieves the list of <<privileges-list-cluster,cluster privileges>> and
|
|
<<privileges-list-indices,index privileges>> that are
|
|
available in this version of {es}.
|
|
|
|
[[security-api-get-builtin-privileges-request]]
|
|
==== {api-request-title}
|
|
|
|
`GET /_security/privilege/_builtin`
|
|
|
|
|
|
[[security-api-get-builtin-privileges-prereqs]]
|
|
==== {api-prereq-title}
|
|
|
|
* To use this API, you must have the `read_security` cluster privilege
|
|
(or a greater privilege such as `manage_security` or `all`).
|
|
|
|
[[security-api-get-builtin-privileges-desc]]
|
|
==== {api-description-title}
|
|
|
|
This API retrieves the set of cluster and index privilege names that are
|
|
available in the version of {es} that is being queried.
|
|
|
|
To check whether a user has particular privileges, use the
|
|
<<security-api-has-privileges,has privileges API>>.
|
|
|
|
|
|
[[security-api-get-builtin-privileges-response-body]]
|
|
==== {api-response-body-title}
|
|
|
|
The response is an object with two fields:
|
|
|
|
`cluster`:: (array of string) The list of
|
|
<<privileges-list-cluster,cluster privileges>> that are understood by this
|
|
version of {es}.
|
|
|
|
`index`:: (array of string) The list of
|
|
<<privileges-list-indices,index privileges>> that are understood by this version
|
|
of {es}.
|
|
|
|
`remote_cluster`:: (array of string) The list of
|
|
<<roles-remote-cluster-priv, remote_cluster>> privileges that are understood by this version
|
|
of {es}.
|
|
|
|
[[security-api-get-builtin-privileges-example]]
|
|
==== {api-examples-title}
|
|
|
|
The following example retrieves the names of all builtin privileges:
|
|
|
|
[source,console]
|
|
--------------------------------------------------
|
|
GET /_security/privilege/_builtin
|
|
--------------------------------------------------
|
|
|
|
A successful call returns an object with "cluster", "index", and "remote_cluster" fields.
|
|
|
|
[source,console-result]
|
|
--------------------------------------------------
|
|
{
|
|
"cluster" : [
|
|
"all",
|
|
"cancel_task",
|
|
"create_snapshot",
|
|
"cross_cluster_replication",
|
|
"cross_cluster_search",
|
|
"delegate_pki",
|
|
"grant_api_key",
|
|
"manage",
|
|
"manage_api_key",
|
|
"manage_autoscaling",
|
|
"manage_behavioral_analytics",
|
|
"manage_ccr",
|
|
"manage_connector",
|
|
"manage_data_frame_transforms",
|
|
"manage_data_stream_global_retention",
|
|
"manage_enrich",
|
|
"manage_ilm",
|
|
"manage_index_templates",
|
|
"manage_inference",
|
|
"manage_ingest_pipelines",
|
|
"manage_logstash_pipelines",
|
|
"manage_ml",
|
|
"manage_oidc",
|
|
"manage_own_api_key",
|
|
"manage_pipeline",
|
|
"manage_rollup",
|
|
"manage_saml",
|
|
"manage_search_application",
|
|
"manage_search_query_rules",
|
|
"manage_search_synonyms",
|
|
"manage_security",
|
|
"manage_service_account",
|
|
"manage_slm",
|
|
"manage_token",
|
|
"manage_transform",
|
|
"manage_user_profile",
|
|
"manage_watcher",
|
|
"monitor",
|
|
"monitor_connector",
|
|
"monitor_data_frame_transforms",
|
|
"monitor_data_stream_global_retention",
|
|
"monitor_enrich",
|
|
"monitor_inference",
|
|
"monitor_ml",
|
|
"monitor_rollup",
|
|
"monitor_snapshot",
|
|
"monitor_stats",
|
|
"monitor_text_structure",
|
|
"monitor_transform",
|
|
"monitor_watcher",
|
|
"none",
|
|
"post_behavioral_analytics_event",
|
|
"read_ccr",
|
|
"read_connector_secrets",
|
|
"read_fleet_secrets",
|
|
"read_ilm",
|
|
"read_pipeline",
|
|
"read_security",
|
|
"read_slm",
|
|
"transport_client",
|
|
"write_connector_secrets",
|
|
"write_fleet_secrets"
|
|
],
|
|
"index" : [
|
|
"all",
|
|
"auto_configure",
|
|
"create",
|
|
"create_doc",
|
|
"create_index",
|
|
"cross_cluster_replication",
|
|
"cross_cluster_replication_internal",
|
|
"delete",
|
|
"delete_index",
|
|
"index",
|
|
"maintenance",
|
|
"manage",
|
|
"manage_data_stream_lifecycle",
|
|
"manage_follow_index",
|
|
"manage_ilm",
|
|
"manage_leader_index",
|
|
"monitor",
|
|
"none",
|
|
"read",
|
|
"read_cross_cluster",
|
|
"view_index_metadata",
|
|
"write"
|
|
],
|
|
"remote_cluster" : [
|
|
"monitor_enrich",
|
|
"monitor_stats"
|
|
]
|
|
}
|
|
--------------------------------------------------
|