Get User Privileges API

Synchronous execution

When executing the get-user-privileges API in the following manner, the client waits for the GetUserPrivilegesResponse to be returned before continuing with code execution:

GetUserPrivilegesResponse response = client.security().getUserPrivileges(RequestOptions.DEFAULT);

Synchronous calls may throw an IOException if the high-level REST client fails to parse the REST response, if the request times out, or in similar cases where no response comes back from the server.

In cases where the server returns a 4xx or 5xx error code, the high-level client tries to parse the response body error details instead and then throws a generic ElasticsearchException and adds the original ResponseException as a suppressed exception to it.

Asynchronous execution

The get-user-privileges API can also be called in an asynchronous fashion so that the client can return directly. Users need to specify how the response or potential failures will be handled by passing a listener to the asynchronous get-user-privileges method:

client.security().getUserPrivilegesAsync(RequestOptions.DEFAULT, listener); 

The RequestOptions and ActionListener to use when the execution completes

The asynchronous method does not block and returns immediately. Once it is completed the ActionListener is called back using the onResponse method if the execution successfully completed or using the onFailure method if it failed. Failure scenarios and expected exceptions are the same as in the synchronous execution case.

A typical listener for get-user-privileges looks like:

ActionListener<GetUserPrivilegesResponse> listener = new ActionListener<GetUserPrivilegesResponse>() {
    @Override
    public void onResponse(GetUserPrivilegesResponse getUserPrivilegesResponse) {
        // Called when the execution is successfully completed.
    }

    @Override
    public void onFailure(Exception e) {
        // Called when the get-user-privileges call fails.
    }
};

Get User Privileges Response

The returned GetUserPrivilegesResponse contains the following properties:

clusterPrivileges
A Set of all cluster privileges that are held by the user. This will be the union of all the cluster privileges from the user’s roles.
globalPrivileges
A Set of all global privileges that are held by the user. This will be the union of all the global privileges from the user’s roles. Because this is a union of multiple roles, it may contain multiple privileges for the same category and operation (which is why it is represented as a Set rather than a single object).
indicesPrivileges
A Set of all index privileges that are held by the user. This will be the union of all the index privileges from the user’s roles. Because this is a union of multiple roles, it may contain multiple privileges for the same index, and those privileges may have independent field level security access grants and/or multiple document level security queries.
applicationPrivileges
A Set of all application privileges that are held by the user. This will be the union of all the application privileges from the user’s roles.
runAsPrivilege
A Set representation of the run-as privilege that is held by the user. This will be the union of the run-as privilege from each of the user’s roles.

final Set<String> cluster = response.getClusterPrivileges();
final Set<UserIndicesPrivileges> index = response.getIndicesPrivileges();
final Set<ApplicationResourcePrivileges> application = response.getApplicationPrivileges();
final Set<String> runAs = response.getRunAsPrivilege();
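
Because each property is the union across all of the user's roles, the effective set can be broader than any single role suggests. The following added example (not part of the original documentation or the client's own code) is a plain-JDK least-privilege check over the two String sets returned by getClusterPrivileges() and getRunAsPrivilege(); the class name, EXPECTED_CLUSTER, findExcess and the sample values are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;

public class EffectivePrivilegeCheck {

    // Hypothetical policy: the only cluster privileges this service account should hold.
    static final Set<String> EXPECTED_CLUSTER =
            Collections.unmodifiableSet(new HashSet<>(Arrays.asList("monitor")));

    /**
     * Compares the effective (union-of-roles) privileges with the expected policy.
     * In real use: cluster = response.getClusterPrivileges(),
     *              runAs   = response.getRunAsPrivilege().
     * Names are compared literally, so a broader privilege such as "all" is
     * reported as unexpected rather than expanded into what it implies.
     */
    static List<String> findExcess(Set<String> cluster, Set<String> runAs) {
        List<String> findings = new ArrayList<>();
        // TreeSet gives a stable, sorted order for reporting.
        for (String privilege : new TreeSet<>(cluster)) {
            if (!EXPECTED_CLUSTER.contains(privilege)) {
                findings.add("unexpected cluster privilege: " + privilege);
            }
        }
        // The assumed policy allows no impersonation, so every run-as entry is a finding.
        for (String principal : new TreeSet<>(runAs)) {
            findings.add("unexpected run-as grant: " + principal);
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample values standing in for a real response.
        Set<String> cluster = new HashSet<>(Arrays.asList("monitor", "manage_security"));
        Set<String> runAs = new HashSet<>(Arrays.asList("app-*"));

        List<String> findings = findExcess(cluster, runAs);
        findings.forEach(System.err::println);
        if (!findings.isEmpty()) {
            System.exit(1); // fail closed when the credentials hold more than expected
        }
    }
}
```

Running a check like this at application start-up surfaces role changes that silently widened the account's effective privileges.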