Package co.elastic.clients.elasticsearch.security

Class PutRoleRequest

java.lang.Object
co.elastic.clients.elasticsearch._types.RequestBase
co.elastic.clients.elasticsearch.security.PutRoleRequest
All Implemented Interfaces:
JsonpSerializable
@JsonpDeserializable public class PutRoleRequest extends RequestBase implements JsonpSerializable
Create or update roles.

The role management APIs are generally the preferred way to manage roles in the native realm, rather than using file-based role management. The create or update roles API cannot update roles that are defined in roles files. File-based role management is not available in Elastic Serverless.

See Also:

  • Field Details

  • Method Details

    • of

      public static PutRoleRequest of(Function<PutRoleRequest.Builder,ObjectBuilder<PutRoleRequest>> fn)

    • applications

      public final List<ApplicationPrivileges> applications()
      A list of application privilege entries.

      API name: applications

    • cluster

      public final List<String> cluster()
      A list of cluster privileges. These privileges define the cluster-level actions for users with this role.

      API name: cluster

    • description

      @Nullable public final String description()
      Optional description of the role descriptor

      API name: description

    • global

      public final Map<String,JsonData> global()
      An object defining global privileges. A global privilege is a form of cluster privilege that is request-aware. Support for global privileges is currently limited to the management of application privileges.

      API name: global

    • indices

      public final List<IndicesPrivileges> indices()
      A list of indices permissions entries.

      API name: indices

    • metadata

      public final Map<String,JsonData> metadata()
      Optional metadata. Within the metadata object, keys that begin with an underscore (_) are reserved for system use.

      API name: metadata

    • name

      public final String name()
      Required - The name of the role that is being created or updated. On Elasticsearch Serverless, the role name must begin with a letter or digit and can only contain letters, digits and the characters '_', '-', and '.'. Each role must have a unique name, as this will serve as the identifier for that role.

      API name: name

    • refresh

      @Nullable public final Refresh refresh()
      If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes.

      API name: refresh

    • remoteCluster

      public final List<RemoteClusterPrivileges> remoteCluster()
      A list of remote cluster permissions entries.

      API name: remote_cluster

    • remoteIndices

      public final List<RemoteIndicesPrivileges> remoteIndices()
      A list of remote indices permissions entries.

      NOTE: Remote indices are effective for remote clusters configured with the API key based model. They have no effect for remote clusters configured with the certificate based model.

      API name: remote_indices

    • runAs

      public final List<String> runAs()
      A list of users that the owners of this role can impersonate. Note: in Serverless, the run-as feature is disabled. For API compatibility, you can still specify an empty run_as field, but a non-empty list will be rejected.

      API name: run_as

    • transientMetadata

      public final Map<String,JsonData> transientMetadata()
      Indicates roles that might be incompatible with the current cluster license, specifically roles with document and field level security. When the cluster license doesn’t allow certain features for a given role, this parameter is updated dynamically to list the incompatible features. If enabled is false, the role is ignored, but is still listed in the response from the authenticate API.

      API name: transient_metadata

    • serialize

      public void serialize(jakarta.json.stream.JsonGenerator generator, JsonpMapper mapper)
      Serialize this object to JSON.
      Specified by:
      serialize in interface JsonpSerializable

    • serializeInternal

      protected void serializeInternal(jakarta.json.stream.JsonGenerator generator, JsonpMapper mapper)

    • setupPutRoleRequestDeserializer

      protected static void setupPutRoleRequestDeserializer(ObjectDeserializer<PutRoleRequest.Builder> op)