lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118
							[role="xpack"]
[[security-api-get-service-accounts]]
=== Get service accounts API

beta::[]

++++
<titleabbrev>Get service accounts</titleabbrev>
++++

Retrieves information about <<service-accounts,service accounts>>.

NOTE: Currently, only the `elastic/fleet-server` service account is available.

[[security-api-get-service-accounts-request]]
==== {api-request-title}

`GET /_security/service`

`GET /_security/service/<namespace>`

`GET /_security/service/<namespace>/<service>`

[[security-api-get-service-accounts-prereqs]]
==== {api-prereq-title}

* To use this API, you must have at least the `manage_service_account`
<<privileges-list-cluster,cluster privilege>>.

[[security-api-get-service-accounts-desc]]
==== {api-description-title}

include::../../security/authentication/service-accounts.asciidoc[tag=service-accounts-tls]

[[security-api-get-service-accounts-path-params]]
==== {api-path-parms-title}

`namespace`::
  (Optional, string) Name of the namespace. Omit this parameter to retrieve information about all service accounts. If you omit this parameter, you must also omit the `service` parameter.

`service`::
  (Optional, string) Name of the service name. Omit this parameter to
  retrieve information about all service accounts that belong to the specified
  `namespace`.

[[security-api-get-service-accounts-response-body]]
==== {api-response-body-title}

A successful call returns a JSON object of service accounts. The API returns an
empty object if no service account is found.

[[security-api-get-service-accounts-example]]
==== {api-examples-title}

To following request retrieves a service account for the `elastic/fleet-server`
service account:

[source,console]
----
GET /_security/service/elastic/fleet-server
----

[source,console-result]
----
{
  "elastic/fleet-server": {
    "role_descriptor": {
      "cluster": [
        "monitor",
        "manage_own_api_key"
      ],
      "indices": [
        {
          "names": [
            "logs-*",
            "metrics-*",
            "traces-*",
            "synthetics-*",
            ".logs-endpoint.diagnostic.collection-*"
          ],
          "privileges": [
            "write",
            "create_index",
            "auto_configure"
          ],
          "allow_restricted_indices": false
        },
        {
          "names": [
            ".fleet-*"
          ],
          "privileges": [
            "read",
            "write",
            "monitor",
            "create_index",
            "auto_configure"
          ],
          "allow_restricted_indices": false
        }
      ],
      "applications": [],
      "run_as": [],
      "metadata": {},
      "transient_metadata": {
        "enabled": true
      }
    }
  }
}
----

Omit the `namespace` and `service` to retrieve all service accounts:

[source,console]
----
GET /_security/service
----