
Elasticsearch Get User Privileges

Elasticsearch uses the concepts of users, privileges, and roles to manage the security of various components within a cluster. Therefore, as a database administrator, you will need to monitor and control multiple users and roles in the cluster and determine which actions they are allowed to perform.

This tutorial will show you how to determine the privileges assigned to a specific user within the cluster. If you are new to Elasticsearch users, permissions, or roles, check out our tutorial on the topic to learn more.

Elasticsearch Get User Privileges API

The Get User Privileges API in Elasticsearch allows us to fetch the security privileges assigned to the logged-in user.

The request to the API endpoint follows a simple syntax as shown in the code below:

GET /_security/user/_privileges

Any user in the cluster has permission to use this API as long as they are fetching their own privileges. Use the run-as feature if you wish to determine the security privileges of other users in the cluster.

Elasticsearch Get Users

We can start by fetching all the users in the cluster using the Get Users API. An example request is shown below:

curl -XGET "http://localhost:9200/_security/user?pretty" -H "kbn-xsrf: reporting"

The request above should return all the users available in the cluster and their respective details. An example output is shown below:

{
  "enterprise_search": {
    "username": "enterprise_search",
    "roles": [
      "enterprise-search-workplace-search-admin",
      "enterprise-search-app-search-owner"
    ],
    "full_name": "enterprise_search",
    "email": "[email protected]",
    "metadata": {},
    "enabled": true
  },
  "linuxhint": {
    "username": "linuxhint",
    "roles": [
      "editor",
      "viewer",
      "monitoring_user",
      "remote_monitoring_collector"
    ],
    "full_name": "Linux Hint",
    "email": "[email protected]",
    "metadata": {},
    "enabled": true
  }
}

In the example output above, we have the linuxhint and enterprise_search users.

Elasticsearch Get User Privileges

Suppose we wish to retrieve the privileges of the enterprise_search user. While authenticated as that user, we can run a request as shown:

curl -XGET "http://localhost:9200/_security/user/_privileges" -H "kbn-xsrf: reporting"

The request above should return the security privileges of the current user.

{
  "cluster": [
    "all"
  ],
  "global": [],
  "indices": [
    {
      "names": [
        "*"
      ],
      "privileges": [
        "all"
      ],
      "allow_restricted_indices": false
    },
    {
      "names": [
        "*"
      ],
      "privileges": [
        "monitor",
        "read",
        "read_cross_cluster",
        "view_index_metadata"
      ],
      "allow_restricted_indices": true
    }
  ],
  "applications": [
    {
      "application": "*",
      "privileges": [
        "*"
      ],
      "resources": [
        "*"
      ]
    }
  ],
  "run_as": [
    "*"
  ]
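}

In this case, we can see the current user has the monitor, read, read_cross_cluster, and view_index_metadata privileges on all indices, including restricted ones, in addition to the all privilege at the cluster and index level.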
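When reviewing accounts for least privilege, a response like the one above can be checked programmatically rather than by eye. The following Python code is an added example, not part of the original tutorial: it flags the over-broad grants in a Get User Privileges response. The function name audit_privileges and the severity labels are this example's own assumptions.

```python
import json

# Response body copied from the example output above (compacted).
SAMPLE = json.loads("""
{"cluster": ["all"], "global": [],
 "indices": [
   {"names": ["*"], "privileges": ["all"], "allow_restricted_indices": false},
   {"names": ["*"],
    "privileges": ["monitor", "read", "read_cross_cluster", "view_index_metadata"],
    "allow_restricted_indices": true}],
 "applications": [{"application": "*", "privileges": ["*"], "resources": ["*"]}],
 "run_as": ["*"]}
""")


def audit_privileges(resp):
    """Return (severity, message) findings for over-broad grants in a
    GET /_security/user/_privileges response. Severity labels are this
    example's own convention, not an Elasticsearch concept."""
    findings = []
    if "all" in resp.get("cluster", []):
        findings.append(("high", "cluster privilege 'all'"))
    for entry in resp.get("indices", []):
        names, privs = entry.get("names", []), entry.get("privileges", [])
        wildcard = "*" in names  # only the bare "*" pattern counts as "every index"
        if wildcard and "all" in privs:
            findings.append(("high", "'all' on every index (names: *)"))
        if entry.get("allow_restricted_indices"):
            sev = "high" if wildcard else "medium"
            findings.append((sev, "restricted indices reachable with: " + ", ".join(privs)))
    for app in resp.get("applications", []):
        if app.get("application") == "*" and "*" in app.get("privileges", []):
            findings.append(("high", "every privilege on every application"))
    if "*" in resp.get("run_as", []):
        findings.append(("high", "run_as '*': may impersonate any user"))
    elif resp.get("run_as"):
        findings.append(("medium", "run_as: " + ", ".join(resp["run_as"])))
    return findings


if __name__ == "__main__":
    for severity, message in audit_privileges(SAMPLE):
        print(f"[{severity}] {message}")
```

Run against the sample, it reports five high-severity findings; a narrowly scoped account, for example one with read on a single index pattern and no run_as, produces none.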

Conclusion

In this article, you learned how to fetch the security privileges of the currently logged-in user using the Get User Privileges API.

About the author

John Otieno
