Version: 7.x-45.0.0
This is an older version of Search Guard.

Action groups API

Used to retrieve, create, update and delete action groups.



In the endpoints below, actiongroup is the name of the action group.


Get a single action group

GET /_searchguard/api/actiongroups/{actiongroup}

Returns the settings for the respective action group in JSON format, for example:

GET /_searchguard/api/actiongroups/SEARCH

{
  "allowed_actions" : [ "indices:data/read/search*", "indices:data/read/msearch*", "SUGGEST" ]
}

Get all action groups

GET /_searchguard/api/actiongroups/

Returns all action groups in JSON format.


DELETE /_searchguard/api/actiongroups/{actiongroup}

Deletes the action group specified by actiongroup. If successful, the call returns with status code 200 and a JSON success message.

DELETE /_searchguard/api/actiongroups/SEARCH

{
  "message":"actiongroup SEARCH deleted."
}


PUT /_searchguard/api/actiongroups/{actiongroup}

Replaces or creates the action group specified by actiongroup.

PUT /_searchguard/api/actiongroups/SEARCH
{
  "allowed_actions": ["indices:data/read/search*", "indices:data/read/msearch*", "SUGGEST" ]
}

The field allowed_actions is mandatory and contains permissions or references to other action groups.

{
  "message":"action group SEARCH created"
}


The PATCH endpoint can be used to change individual attributes of an action group, or to create, change and delete action groups in a bulk call. The PATCH endpoint expects a payload in JSON Patch format. Search Guard supports the complete JSON patch specification.

JSON patch specification:

Patch an action group

PATCH /_searchguard/api/actiongroups/{actiongroup}

Adds, deletes or changes one or more attributes of the action group specified by actiongroup.

PATCH /_searchguard/api/actiongroups/CREATE_INDEX
[
  {
    "op": "replace", "path": "/allowed_actions", "value": ["indices:admin/create", "indices:admin/mapping/put"]
  }
]

Bulk add, delete and change action groups

PATCH /_searchguard/api/actiongroups
[
  {
    "op": "add", "path": "/CREATE_INDEX/allowed_actions", "value": ["indices:admin/create", "indices:admin/mapping/put"]
  },
  {
    "op": "remove", "path": "/CRUD"
  }
]
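
A bulk patch can remove an action group that another group still lists in allowed_actions. The following added example (not part of the Search Guard documentation or code) applies the two bulk operations shown above to a local copy of the action groups and reports missing allowed_actions fields and dangling references before anything is sent to the cluster. It assumes the groups are held as a map of name to body, that an entry without a colon is a reference to another group, and that "add" may create a group as the bulk call suggests; REPORTING and the sample map are constructed.

```python
import copy

def apply_patch(groups, ops):
    """Apply add/remove/replace operations to a copy of the action group map."""
    doc = copy.deepcopy(groups)
    for op in ops:
        # Paths look like /GROUP or /GROUP/field; "~" escapes are not handled.
        *parents, leaf = op["path"].lstrip("/").split("/")
        node = doc
        for key in parents:
            # Assumption: "add" may create the group, as in the page's bulk call.
            node = node.setdefault(key, {}) if op["op"] == "add" else node[key]
        if op["op"] == "remove":
            del node[leaf]  # KeyError if the target does not exist
        elif op["op"] == "add" or (op["op"] == "replace" and leaf in node):
            node[leaf] = op["value"]
        else:
            raise ValueError(f"cannot apply {op['op']} at {op['path']}")
    return doc

def find_problems(groups):
    """List groups without allowed_actions and references to missing groups."""
    problems = []
    for name, body in sorted(groups.items()):
        actions = body.get("allowed_actions")
        if not isinstance(actions, list):
            problems.append(f"{name}: allowed_actions is missing")
            continue
        for entry in actions:
            # Assumption: an entry without ":" names another action group.
            if ":" not in entry and entry not in groups:
                problems.append(f"{name}: unknown action group {entry}")
    return problems

# Constructed sample; REPORTING is a hypothetical group that references CRUD.
CURRENT = {
    "SEARCH": {"allowed_actions": ["indices:data/read/search*", "SUGGEST"]},
    "SUGGEST": {"allowed_actions": ["indices:data/read/suggest*"]},
    "CRUD": {"allowed_actions": ["indices:data/read/*", "indices:data/write/*"]},
    "REPORTING": {"allowed_actions": ["SEARCH", "CRUD"]},
}
BULK_PATCH = [  # the two operations from the bulk example
    {"op": "add", "path": "/CREATE_INDEX/allowed_actions",
     "value": ["indices:admin/create", "indices:admin/mapping/put"]},
    {"op": "remove", "path": "/CRUD"},
]

if __name__ == "__main__":
    for problem in find_problems(apply_patch(CURRENT, BULK_PATCH)):
        print(problem)
```

The check is only meaningful when the local map contains every action group the cluster knows about.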
