From b2d917406b17ff32cd45af51a45c84112990a953 Mon Sep 17 00:00:00 2001 From: lcawl Date: Thu, 16 Aug 2018 15:47:20 -0700 Subject: [PATCH] [DOCS] Adds overview of appliation privileges --- .../security/authorization/privileges.asciidoc | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/docs/en/stack/security/authorization/privileges.asciidoc b/docs/en/stack/security/authorization/privileges.asciidoc index e5b22d367..a1de8bc62 100644 --- a/docs/en/stack/security/authorization/privileges.asciidoc +++ b/docs/en/stack/security/authorization/privileges.asciidoc @@ -133,3 +133,18 @@ behalf of another user. The value can be a user name or a comma-separated list of user names. (You can also specify users as an array of strings or a YAML sequence.) For more information, see <>. + +[[application-privileges]] +==== Application privileges + +Application privileges are managed within {es} and can be retrieved with the +{ref}/security-api-has-privileges.html[has privileges API] and the +{ref}/security-api-get-privileges.html[get application privileges API]. They do +not, however, grant access to any actions or resources within {es}. Their +purpose is to enable applications to represent and store their own privilege +models within {es} roles. + +To create application privileges, use the +{ref}/security-api-put-privileges.html[add application privileges API]. You can +then associate these application privileges with roles, as described in +<>.