lqb
/
elasticsearch
espejo de https://gitee.com/mirrors/elasticsearch.git


			
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192
							[role="xpack"]
[[security-api-privileges]]
=== Privilege APIs

[[security-api-has-privilege]]

The `has_privileges` API allows you to determine whether the logged in user has
a specified list of privileges.

==== Request

`GET _xpack/security/user/_has_privileges`


==== Description

For a list of the privileges that you can specify in this API,
see {xpack-ref}/security-privileges.html[Security Privileges].

A successful call returns a JSON structure that shows whether each specified
privilege is assigned to the user.


==== Request Body

`cluster`:: (list) A list of the cluster privileges that you want to check.

`index`::
`names`::: (list) A list of indices.
`privileges`::: (list) A list of the privileges that you want to check for the
specified indices.

==== Authorization

All users can use this API, but only to determine their own privileges.
To check the privileges of other users, you must use the run as feature. For
more information, see
{xpack-ref}/run-as-privilege.html[Submitting Requests on Behalf of Other Users].


==== Examples

The following example checks whether the current user has a specific set of
cluster and indices privileges:

[source,js]
--------------------------------------------------
GET _xpack/security/user/_has_privileges
{
  "cluster": [ "monitor", "manage" ],
  "index" : [
    {
      "names": [ "suppliers", "products" ],
      "privileges": [ "read" ]
    },
    {
      "names": [ "inventory" ],
      "privileges" : [ "read", "write" ]
    }
  ]
}
--------------------------------------------------
// CONSOLE

The following example output indicates which privileges the "rdeniro" user has:

[source,js]
--------------------------------------------------
{
  "username": "rdeniro",
  "has_all_requested" : false,
  "cluster" : {
    "monitor" : true,
    "manage" : false
  },
  "index" : {
    "suppliers" : {
      "read" : true
    },
    "products" : {
      "read" : true
    },
    "inventory" : {
      "read" : true,
      "write" : false
    }
  },
  "application" : {}
}
--------------------------------------------------
// TESTRESPONSE[s/"rdeniro"/"$body.username"/]
// TESTRESPONSE[s/: false/: true/]