Privileges endpoint
editPrivileges endpoint
editRetrieves whether or not the user is authenticated, and the user’s Kibana space
and index privileges, which determine if the user can create an index
(.siem-signals-*
) for the Elastic Security alerts generated by detection engine rules.
For information about the permissions and privileges required to create
.siem-signals-<Kibana-space>
indices, see Enable Detections.
The Kibana Console supports only Elasticsearch APIs. You cannot interact with the Kibana APIs with the Console and must use curl
or another HTTP tool instead. For more information, refer to Console.
Get privileges
editReturns user privileges for the Kibana space.
Request URL
editGET <kibana host>:<port>/api/detection_engine/privileges
Example requests
editGets user privileges for the Kibana default space:
GET api/detection_engine/privileges
Gets user privileges for the Kibana siem
space:
GET s/siem/api/detection_engine/privileges
Response code
edit-
200
- Indicates a successful call.
Example response
edit{ "username": "detection-engine-admin", "has_all_requested": false, "cluster": { "monitor_ml": true, "manage_ccr": false, "manage_index_templates": true, "monitor_watcher": true, "monitor_transform": true, "read_ilm": true, "manage_api_key": false, "manage_security": false, "manage_own_api_key": false, "manage_saml": false, "all": false, "manage_ilm": true, "manage_ingest_pipelines": true, "read_ccr": false, "manage_rollup": true, "monitor": true, "manage_watcher": true, "manage": true, "manage_transform": true, "manage_token": false, "manage_ml": true, "manage_pipeline": true, "monitor_rollup": true, "transport_client": true, "create_snapshot": true }, "index": { ".siem-signals-detection-engine": { "all": false, "manage_ilm": true, "read": false, "create_index": true, "read_cross_cluster": false, "index": false, "monitor": true, "delete": false, "manage": true, "delete_index": true, "create_doc": false, "view_index_metadata": true, "create": false, "manage_follow_index": true, "manage_leader_index": true, "write": false } }, "application": {} "is_authenticated": true "has_encryption_key": true }
Indicates whether the user can log in to the Elasticsearch deployment. |
|
Indicates whether the
|