Version: 6.x-23
Enterprise

Action groups API

Used to receive, create, update and delete action groups.

Note: The actiongroup (singular) endpoint is deprecated in Search Guard 6 and will be removed with Search Guard 7.

Endpoint

/_searchguard/api/actiongroups/{actiongroup}

Where actiongroup is the name of the role.

GET

Get a single action group

GET /_searchguard/api/actiongroups/{actiongroup}

Returns the settings for the respective action group in JSON format, for example:

GET /_searchguard/api/actiongroups/SEARCH
{
  "SEARCH" : [ "indices:data/read/search*", "indices:data/read/msearch*", "SUGGEST" ]
}

Get all action groups

GET /_searchguard/api/actiongroups/

Returns all action groups in JSON format.

Delete

DELETE /_searchguard/api/actiongroups/{actiongroup}

Deletes the action group specified by actiongroup . If successful, the call returns with status code 200 and a JSON success message.

DELETE /_searchguard/api/actiongroups/SEARCH
{
  "status":"OK",
  "message":"actiongroup SEARCH deleted."
}

PUT

PUT /_searchguard/api/actiongroups/{actiongroup}

Replaces or creates the action group specified by actiongroup .

PUT /_searchguard/api/actiongroups/SEARCH
{
  "permissions": ["indices:data/read/search*", "indices:data/read/msearch*", "SUGGEST" ]
}

The field permissions is mandatory and contains permissions or references to other action groups.

{
  "status":"CREATED",
  "message":"action group SEARCH created"
}

PATCH

The PATCH endpoint can be used to change individual attributes of an action group, or to create, change and delete action groups in a bulk call. The PATCH endpoint expects a payload in JSON Patch format. Search Guard supports the complete JSON patch specification.

JSON patch specification: http://jsonpatch.com/

The PATCH endpoint is only available for Elasticsearch 6.4.0 and above.

Patch an action group

PATCH /_searchguard/api/actiongroups/{actiongroup}

Adds, deletes or changes one or more attributes of a user specified by actiongroup .

PATCH /_searchguard/api/actiongroups/CREATE_INDEX
[ 
  { 
    "op": "replace", "path": "/permissions", "value": ["indices:admin/create", "indices:admin/mapping/put"] 
  }
]

Bulk add, delete and change action groups

PATCH /_searchguard/api/actiongroups
[ 
  { 
    "op": "add", "path": "/CREATE_INDEX", "value": ["indices:admin/create", "indices:admin/mapping/put"] 
  },
  { 
    "op": "delete", "path": "/CRUD"
  }
]

Not what you were looking for? Try the search.