resp = client.security.put_privileges(
    privileges={
        "myapp": {
            "read": {
                "actions": [
                    "data:read/*",
                    "action:login"
                ],
                "metadata": {
                    "description": "Read access to myapp"
                }
            }
        }
    },
)
print(resp)

const response = await client.security.putPrivileges({
  privileges: {
    myapp: {
      read: {
        actions: ["data:read/*", "action:login"],
        metadata: {
          description: "Read access to myapp",
        },
      },
    },
  },
});
console.log(response);

PUT /_security/privilege
{
  "myapp": {
    "read": {
      "actions": [ 
        "data:read/*" , 
        "action:login" ],
        "metadata": { 
          "description": "Read access to myapp"
        }
      }
    }
}

	这些字符串在 "myapp" 应用程序中具有意义。Elasticsearch 不会为它们分配任何含义。
	此处使用通配符 (`*`) 意味着此权限授予对所有以 `data:read/` 开头的操作的访问权限。Elasticsearch 不会为这些操作分配任何含义。但是，如果请求包含诸如 `data:read/users` 或 `data:read/settings` 之类的应用程序权限，则具有权限 API会遵守通配符的使用并返回 `true`。
	metadata 对象是可选的。

{
  "myapp": {
    "read": {
      "created": true 
    }
  }
}

更新现有权限时，created 设置为 false。

要添加多个权限，请向 /_security/privilege/ 端点提交 POST 请求。例如

resp = client.security.put_privileges(
    privileges={
        "app01": {
            "read": {
                "actions": [
                    "action:login",
                    "data:read/*"
                ]
            },
            "write": {
                "actions": [
                    "action:login",
                    "data:write/*"
                ]
            }
        },
        "app02": {
            "all": {
                "actions": [
                    "*"
                ]
            }
        }
    },
)
print(resp)

const response = await client.security.putPrivileges({
  privileges: {
    app01: {
      read: {
        actions: ["action:login", "data:read/*"],
      },
      write: {
        actions: ["action:login", "data:write/*"],
      },
    },
    app02: {
      all: {
        actions: ["*"],
      },
    },
  },
});
console.log(response);

PUT /_security/privilege
{
  "app01": {
    "read": {
      "actions": [ "action:login", "data:read/*" ]
    },
    "write": {
      "actions": [ "action:login", "data:write/*" ]
    }
  },
  "app02": {
    "all": {
      "actions": [ "*" ]
    }
  }
}

成功的调用返回一个 JSON 结构，显示权限是否已创建或更新。

{
  "app02": {
    "all": {
      "created": true
    }
  },
  "app01": {
    "read": {
      "created": true
    },
    "write": {
      "created": true
    }
  }
}

« 创建 API 密钥 API 创建或更新角色映射 API »