Skip to content

Commit

Permalink
[DOCS] Add get user privileges API (#73016) (#74440)
Browse files Browse the repository at this point in the history
  • Loading branch information
@lcawl
lcawl committed Jun 22, 2021
1 parent 3400b10 commit aea0b6a
Show file tree
Hide file tree
Showing 8 changed files with 88 additions and 6 deletions.
3 changes: 3 additions & 0 deletions docs/java-rest/high-level/security/get-builtin-privileges.asciidoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,9 @@
[id="{upid}-{api}"]
=== Get Builtin Privileges API

Retrieves the list of cluster privileges and index privileges that are
available in this version of {es}.

include::../execution-no-req.asciidoc[]

[id="{upid}-{api}-response"]
Expand Down
6 changes: 4 additions & 2 deletions docs/java-rest/high-level/security/get-privileges.asciidoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,12 +6,14 @@
--
[role="xpack"]
[id="{upid}-{api}"]
=== Get Privileges API
=== Get Application Privileges API

Retrieves application privileges.

[id="{upid}-{api}-request"]
==== Get Privileges Request

The +{request}+ supports getting privilege(s) for all or for specific applications.
The +{request}+ supports getting privileges for all or for specific applications.

===== Specific privilege of a specific application

Expand Down
2 changes: 2 additions & 0 deletions docs/java-rest/high-level/security/get-user-privileges.asciidoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,8 @@
[id="{upid}-{api}"]
=== Get User Privileges API

Retrieves security privileges for the logged in user.

include::../execution-no-req.asciidoc[]

[id="{upid}-{api}-response"]
Expand Down
2 changes: 2 additions & 0 deletions docs/java-rest/high-level/security/has-privileges.asciidoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,8 @@
[id="{upid}-{api}"]
=== Has Privileges API

Determines whether the logged in user has a specified list of privileges.

[id="{upid}-{api}-request"]
==== Has Privileges Request
The +{request}+ supports checking for any or all of the following privilege types:
Expand Down
4 changes: 2 additions & 2 deletions rest-api-spec/src/main/resources/rest-api-spec/api/security.get_user_privileges.json
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
{
"security.get_user_privileges":{
"documentation":{
"url":"https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-privileges.html",
"description":"Retrieves application privileges."
"url":"https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-user-privileges.html",
"description":"Retrieves security privileges for the logged in user."
},
"stability":"stable",
"visibility":"public",
Expand Down
2 changes: 2 additions & 0 deletions x-pack/docs/en/rest-api/security.asciidoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ You can use the following APIs to perform security activities.
* <<security-api-has-privileges>>
* <<security-api-ssl>>
* <<security-api-get-builtin-privileges>>
* <<security-api-get-user-privileges>>

[discrete]
[[security-api-app-privileges]]
Expand Down Expand Up @@ -148,6 +149,7 @@ include::security/get-roles.asciidoc[]
include::security/get-service-accounts.asciidoc[]
include::security/get-service-credentials.asciidoc[]
include::security/get-tokens.asciidoc[]
include::security/get-user-privileges.asciidoc[]
include::security/get-users.asciidoc[]
include::security/grant-api-keys.asciidoc[]
include::security/has-privileges.asciidoc[]
Expand Down
72 changes: 72 additions & 0 deletions x-pack/docs/en/rest-api/security/get-user-privileges.asciidoc
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,72 @@
[role="xpack"]
[[security-api-get-user-privileges]]
=== Get user privileges API
++++
<titleabbrev>Get user privileges</titleabbrev>
++++

Retrieves the <<security-privileges,security privileges>> for the logged in
user.

[[security-api-get-user-privileges-request]]
==== {api-request-title}

`GET /_security/user/_privileges`

[[security-api-get-user-privileges-prereqs]]
==== {api-prereq-title}

* All users can use this API, but only to determine their own privileges. To
check the privileges of other users, you must use the run as feature. For
more information, see <<run-as-privilege>>.

[[security-api-get-user-privileges-desc]]
==== {api-description-title}

To check whether a user has a specific list of privileges, use the
<<security-api-has-privileges,has privileges API>>.


[[security-api-get-user-privileges-example]]
==== {api-examples-title}

[source,console]
--------------------------------------------------
GET /_security/user/_privileges
--------------------------------------------------

[source,console-result]
--------------------------------------------------
{
"cluster" : [
"all"
],
"global" : [ ],
"indices" : [
{
"names" : [
"*"
],
"privileges" : [
"all"
],
"allow_restricted_indices" : true
}
],
"applications" : [
{
"application" : "*",
"privileges" : [
"*"
],
"resources" : [
"*"
]
}
],
"run_as" : [
"*"
]
}
--------------------------------------------------
// TESTRESPONSE[s/: false/: true/]
3 changes: 1 addition & 2 deletions x-pack/docs/en/rest-api/security/has-privileges.asciidoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,7 @@
++++
[[security-api-has-privilege]]

The `has_privileges` API allows you to determine whether the logged in user has
a specified list of privileges.
Determines whether the logged in user has a specified list of privileges.

[[security-api-has-privileges-request]]
==== {api-request-title}
Expand Down

0 comments on commit aea0b6a

Please sign in to comment.