[[reference-shared-types-security]]

////////
===========================================================================================================================
||                                                                                                                       ||
||                                                                                                                       ||
||                                                                                                                       ||
||        ██████╗ ███████╗ █████╗ ██████╗ ███╗   ███╗███████╗                                                            ||
||        ██╔══██╗██╔════╝██╔══██╗██╔══██╗████╗ ████║██╔════╝                                                            ||
||        ██████╔╝█████╗  ███████║██║  ██║██╔████╔██║█████╗                                                              ||
||        ██╔══██╗██╔══╝  ██╔══██║██║  ██║██║╚██╔╝██║██╔══╝                                                              ||
||        ██║  ██║███████╗██║  ██║██████╔╝██║ ╚═╝ ██║███████╗                                                            ||
||        ╚═╝  ╚═╝╚══════╝╚═╝  ╚═╝╚═════╝ ╚═╝     ╚═╝╚══════╝                                                            ||
||                                                                                                                       ||
||                                                                                                                       ||
||    This file is autogenerated, DO NOT send pull requests that changes this file directly.                             ||
||    You should update the script that does the generation, which can be found in:                                      ||
||    https://github.com/elastic/elastic-client-generator-js                                                             ||
||                                                                                                                       ||
||    You can run the script with the following command:                                                                 ||
||       npm run elasticsearch -- --version <version>                                                                    ||
||                                                                                                                       ||
||                                                                                                                       ||
||                                                                                                                       ||
===========================================================================================================================
////////



== Shared Security types


[discrete]
[[SecurityAccess]]
=== SecurityAccess

[pass]
++++
<pre>
++++
interface SecurityAccess {
  pass:[/**] @property replication A list of indices permission entries for cross-cluster replication. */
  replication?: <<SecurityReplicationAccess>>[]
  pass:[/**] @property search A list of indices permission entries for cross-cluster search. */
  search?: <<SecuritySearchAccess>>[]
}
[pass]
++++
</pre>
++++

[discrete]
[[SecurityApiKey]]
=== SecurityApiKey

[pass]
++++
<pre>
++++
interface SecurityApiKey {
  pass:[/**] @property creation Creation time for the API key in milliseconds. */
  creation?: <<long>>
  pass:[/**] @property expiration Expiration time for the API key in milliseconds. */
  expiration?: <<long>>
  pass:[/**] @property id <<Id>> for the API key */
  id: <<Id>>
  pass:[/**] @property invalidated Invalidation status for the API key. If the key has been invalidated, it has a value of `true`. Otherwise, it is `false`. */
  invalidated?: boolean
  pass:[/**] @property name <<Name>> of the API key. */
  name: <<Name>>
  pass:[/**] @property realm Realm name of the principal for which this API key was created. */
  realm?: string
  pass:[/**] @property realm_type Realm type of the principal for which this API key was created */
  realm_type?: string
  pass:[/**] @property username Principal for which this API key was created */
  username?: <<Username>>
  pass:[/**] @property profile_uid The profile uid for the API key owner principal, if requested and if it exists */
  profile_uid?: string
  pass:[/**] @property metadata <<Metadata>> of the API key */
  metadata?: <<Metadata>>
  pass:[/**] @property role_descriptors The role descriptors assigned to this API key when it was created or last updated. An empty role descriptor means the API key inherits the owner user’s permissions. */
  role_descriptors?: Record<string, <<SecurityRoleDescriptor>>>
  pass:[/**] @property limited_by The owner user’s permissions associated with the API key. It is a point-in-time snapshot captured at creation and subsequent updates. An API key’s effective permissions are an intersection of its assigned privileges and the owner user’s permissions. */
  limited_by?: Record<string, <<SecurityRoleDescriptor>>>[]
  _sort?: <<SortResults>>
}
[pass]
++++
</pre>
++++

[discrete]
[[SecurityApplicationGlobalUserPrivileges]]
=== SecurityApplicationGlobalUserPrivileges

[pass]
++++
<pre>
++++
interface SecurityApplicationGlobalUserPrivileges {
  manage: <<SecurityManageUserPrivileges>>
}
[pass]
++++
</pre>
++++

[discrete]
[[SecurityApplicationPrivileges]]
=== SecurityApplicationPrivileges

[pass]
++++
<pre>
++++
interface SecurityApplicationPrivileges {
  pass:[/**] @property application The name of the application to which this entry applies. */
  application: string
  pass:[/**] @property privileges A list of strings, where each element is the name of an application privilege or action. */
  privileges: string[]
  pass:[/**] @property resources A list resources to which the privileges are applied. */
  resources: string[]
}
[pass]
++++
</pre>
++++

[discrete]
[[SecurityBulkError]]
=== SecurityBulkError

[pass]
++++
<pre>
++++
interface SecurityBulkError {
  pass:[/**] @property count The number of errors */
  count: <<integer>>
  pass:[/**] @property details Details about the errors, keyed by role name */
  details: Record<string, <<ErrorCause>>>
}
[pass]
++++
</pre>
++++

[discrete]
[[SecurityClusterNode]]
=== SecurityClusterNode

[pass]
++++
<pre>
++++
interface SecurityClusterNode {
  name: <<Name>>
}
[pass]
++++
</pre>
++++

[discrete]
[[SecurityClusterPrivilege]]
=== SecurityClusterPrivilege

[pass]
++++
<pre>
++++
type SecurityClusterPrivilege = 'all' | 'cancel_task' | 'create_snapshot' | 'cross_cluster_replication' | 'cross_cluster_search' | 'delegate_pki' | 'grant_api_key' | 'manage' | 'manage_api_key' | 'manage_autoscaling' | 'manage_behavioral_analytics' | 'manage_ccr' | 'manage_data_frame_transforms' | 'manage_data_stream_global_retention' | 'manage_enrich' | 'manage_ilm' | 'manage_index_templates' | 'manage_inference' | 'manage_ingest_pipelines' | 'manage_logstash_pipelines' | 'manage_ml' | 'manage_oidc' | 'manage_own_api_key' | 'manage_pipeline' | 'manage_rollup' | 'manage_saml' | 'manage_search_application' | 'manage_search_query_rules' | 'manage_search_synonyms' | 'manage_security' | 'manage_service_account' | 'manage_slm' | 'manage_token' | 'manage_transform' | 'manage_user_profile' | 'manage_watcher' | 'monitor' | 'monitor_data_frame_transforms' | 'monitor_data_stream_global_retention' | 'monitor_enrich' | 'monitor_inference' | 'monitor_ml' | 'monitor_rollup' | 'monitor_snapshot' | 'monitor_text_structure' | 'monitor_transform' | 'monitor_watcher' | 'none' | 'post_behavioral_analytics_event' | 'read_ccr' | 'read_fleet_secrets' | 'read_ilm' | 'read_pipeline' | 'read_security' | 'read_slm' | 'transport_client' | 'write_connector_secrets' | 'write_fleet_secrets' | string
[pass]
++++
</pre>
++++

[discrete]
[[SecurityCreatedStatus]]
=== SecurityCreatedStatus

[pass]
++++
<pre>
++++
interface SecurityCreatedStatus {
  created: boolean
}
[pass]
++++
</pre>
++++

[discrete]
[[SecurityFieldRule]]
=== SecurityFieldRule

[pass]
++++
<pre>
++++
interface SecurityFieldRule {
  username?: <<Names>>
  dn?: <<Names>>
  groups?: <<Names>>
}
[pass]
++++
</pre>
++++

[discrete]
[[SecurityFieldSecurity]]
=== SecurityFieldSecurity

[pass]
++++
<pre>
++++
interface SecurityFieldSecurity {
  except?: <<Fields>>
  grant?: <<Fields>>
}
[pass]
++++
</pre>
++++

[discrete]
[[SecurityGlobalPrivilege]]
=== SecurityGlobalPrivilege

[pass]
++++
<pre>
++++
interface SecurityGlobalPrivilege {
  application: <<SecurityApplicationGlobalUserPrivileges>>
}
[pass]
++++
</pre>
++++

[discrete]
[[SecurityGrantType]]
=== SecurityGrantType

[pass]
++++
<pre>
++++
type SecurityGrantType = 'password' | 'access_token'
[pass]
++++
</pre>
++++

[discrete]
[[SecurityIndexPrivilege]]
=== SecurityIndexPrivilege

[pass]
++++
<pre>
++++
type SecurityIndexPrivilege = 'all' | 'auto_configure' | 'create' | 'create_doc' | 'create_index' | 'cross_cluster_replication' | 'cross_cluster_replication_internal' | 'delete' | 'delete_index' | 'index' | 'maintenance' | 'manage' | 'manage_data_stream_lifecycle' | 'manage_follow_index' | 'manage_ilm' | 'manage_leader_index' | 'monitor' | 'none' | 'read' | 'read_cross_cluster' | 'view_index_metadata' | 'write' | string
[pass]
++++
</pre>
++++

[discrete]
[[SecurityIndicesPrivileges]]
=== SecurityIndicesPrivileges

[pass]
++++
<pre>
++++
interface SecurityIndicesPrivileges {
  pass:[/**] @property field_security The document fields that the owners of the role have read access to. */
  field_security?: <<SecurityFieldSecurity>>
  pass:[/**] @property names A list of indices (or index name patterns) to which the permissions in this entry apply. */
  names: <<Indices>>
  pass:[/**] @property privileges The index level privileges that owners of the role have on the specified indices. */
  privileges: <<SecurityIndexPrivilege>>[]
  pass:[/**] @property query A search query that defines the documents the owners of the role have access to. A document within the specified indices must match this query for it to be accessible by the owners of the role. */
  query?: <<SecurityIndicesPrivilegesQuery>>
  pass:[/**] @property allow_restricted_indices Set to `true` if using wildcard or regular expressions for patterns that cover restricted indices. Implicitly, restricted indices have limited privileges that can cause pattern tests to fail. If restricted indices are explicitly included in the `names` list, Elasticsearch checks privileges against these indices regardless of the value set for `allow_restricted_indices`. */
  allow_restricted_indices?: boolean
}
[pass]
++++
</pre>
++++

[discrete]
[[SecurityIndicesPrivilegesQuery]]
=== SecurityIndicesPrivilegesQuery

[pass]
++++
<pre>
++++
type SecurityIndicesPrivilegesQuery = string | <<QueryDslQueryContainer>> | <<SecurityRoleTemplateQuery>>
[pass]
++++
</pre>
++++

[discrete]
[[SecurityManageUserPrivileges]]
=== SecurityManageUserPrivileges

[pass]
++++
<pre>
++++
interface SecurityManageUserPrivileges {
  applications: string[]
}
[pass]
++++
</pre>
++++

[discrete]
[[SecurityRealmInfo]]
=== SecurityRealmInfo

[pass]
++++
<pre>
++++
interface SecurityRealmInfo {
  name: <<Name>>
  type: string
}
[pass]
++++
</pre>
++++

[discrete]
[[SecurityRemoteIndicesPrivileges]]
=== SecurityRemoteIndicesPrivileges

[pass]
++++
<pre>
++++
interface SecurityRemoteIndicesPrivileges {
  pass:[/**] @property clusters A list of cluster aliases to which the permissions in this entry apply. */
  clusters: <<Names>>
  pass:[/**] @property field_security The document fields that the owners of the role have read access to. */
  field_security?: <<SecurityFieldSecurity>>
  pass:[/**] @property names A list of indices (or index name patterns) to which the permissions in this entry apply. */
  names: <<Indices>>
  pass:[/**] @property privileges The index level privileges that owners of the role have on the specified indices. */
  privileges: <<SecurityIndexPrivilege>>[]
  pass:[/**] @property query A search query that defines the documents the owners of the role have access to. A document within the specified indices must match this query for it to be accessible by the owners of the role. */
  query?: <<SecurityIndicesPrivilegesQuery>>
  pass:[/**] @property allow_restricted_indices Set to `true` if using wildcard or regular expressions for patterns that cover restricted indices. Implicitly, restricted indices have limited privileges that can cause pattern tests to fail. If restricted indices are explicitly included in the `names` list, Elasticsearch checks privileges against these indices regardless of the value set for `allow_restricted_indices`. */
  allow_restricted_indices?: boolean
}
[pass]
++++
</pre>
++++

[discrete]
[[SecurityReplicationAccess]]
=== SecurityReplicationAccess

[pass]
++++
<pre>
++++
interface SecurityReplicationAccess {
  pass:[/**] @property names A list of indices (or index name patterns) to which the permissions in this entry apply. */
  names: <<IndexName>>[]
}
[pass]
++++
</pre>
++++

[discrete]
[[SecurityRoleDescriptor]]
=== SecurityRoleDescriptor

[pass]
++++
<pre>
++++
interface SecurityRoleDescriptor {
  pass:[/**] @property cluster A list of cluster privileges. These privileges define the cluster level actions that API keys are able to execute. */
  cluster?: <<SecurityClusterPrivilege>>[]
  pass:[/**] @property indices A list of indices permissions entries. */
  indices?: <<SecurityIndicesPrivileges>>[]
  pass:[/**] @property index A list of indices permissions entries. */
  index?: <<SecurityIndicesPrivileges>>[]
  pass:[/**] @property global An object defining global privileges. A global privilege is a form of cluster privilege that is request-aware. Support for global privileges is currently limited to the management of application privileges. */
  global?: <<SecurityGlobalPrivilege>>[] | <<SecurityGlobalPrivilege>>
  pass:[/**] @property applications A list of application privilege entries */
  applications?: <<SecurityApplicationPrivileges>>[]
  pass:[/**] @property metadata Optional meta-data. Within the metadata object, keys that begin with `_` are reserved for system usage. */
  metadata?: <<Metadata>>
  pass:[/**] @property run_as A list of users that the API keys can impersonate. *Note*: in Serverless, the run-as feature is disabled. For API compatibility, you can still specify an empty `run_as` field, but a non-empty list will be rejected. */
  run_as?: string[]
  pass:[/**] @property description Optional description of the role descriptor */
  description?: string
  transient_metadata?: Record<string, any>
}
[pass]
++++
</pre>
++++

[discrete]
[[SecurityRoleDescriptorRead]]
=== SecurityRoleDescriptorRead

[pass]
++++
<pre>
++++
interface SecurityRoleDescriptorRead {
  pass:[/**] @property cluster A list of cluster privileges. These privileges define the cluster level actions that API keys are able to execute. */
  cluster: <<SecurityClusterPrivilege>>[]
  pass:[/**] @property indices A list of indices permissions entries. */
  indices: <<SecurityIndicesPrivileges>>[]
  pass:[/**] @property index A list of indices permissions entries. */
  index: <<SecurityIndicesPrivileges>>[]
  pass:[/**] @property global An object defining global privileges. A global privilege is a form of cluster privilege that is request-aware. Support for global privileges is currently limited to the management of application privileges. */
  global?: <<SecurityGlobalPrivilege>>[] | <<SecurityGlobalPrivilege>>
  pass:[/**] @property applications A list of application privilege entries */
  applications?: <<SecurityApplicationPrivileges>>[]
  pass:[/**] @property metadata Optional meta-data. Within the metadata object, keys that begin with `_` are reserved for system usage. */
  metadata?: <<Metadata>>
  pass:[/**] @property run_as A list of users that the API keys can impersonate. */
  run_as?: string[]
  pass:[/**] @property description Optional description of the role descriptor */
  description?: string
  transient_metadata?: Record<string, any>
}
[pass]
++++
</pre>
++++

[discrete]
[[SecurityRoleMapping]]
=== SecurityRoleMapping

[pass]
++++
<pre>
++++
interface SecurityRoleMapping {
  enabled: boolean
  metadata: <<Metadata>>
  roles?: string[]
  role_templates?: <<SecurityRoleTemplate>>[]
  rules: <<SecurityRoleMappingRule>>
}
[pass]
++++
</pre>
++++

[discrete]
[[SecurityRoleMappingRule]]
=== SecurityRoleMappingRule

[pass]
++++
<pre>
++++
interface SecurityRoleMappingRule {
  any?: <<SecurityRoleMappingRule>>[]
  all?: <<SecurityRoleMappingRule>>[]
  field?: <<SecurityFieldRule>>
  except?: <<SecurityRoleMappingRule>>
}
[pass]
++++
</pre>
++++

[discrete]
[[SecurityRoleTemplate]]
=== SecurityRoleTemplate

[pass]
++++
<pre>
++++
interface SecurityRoleTemplate {
  format?: <<SecurityTemplateFormat>>
  template: <<Script>> | string
}
[pass]
++++
</pre>
++++

[discrete]
[[SecurityRoleTemplateInlineQuery]]
=== SecurityRoleTemplateInlineQuery

[pass]
++++
<pre>
++++
type SecurityRoleTemplateInlineQuery = string | <<QueryDslQueryContainer>>
[pass]
++++
</pre>
++++

[discrete]
[[SecurityRoleTemplateQuery]]
=== SecurityRoleTemplateQuery

[pass]
++++
<pre>
++++
interface SecurityRoleTemplateQuery {
  pass:[/**] @property template When you create a role, you can specify a query that defines the document level security permissions. You can optionally use Mustache templates in the role query to insert the username of the current authenticated user into the role. <<Like>> other places in Elasticsearch that support templating or scripting, you can specify inline, stored, or file-based templates and define custom parameters. You access the details for the current authenticated user through the _user parameter. */
  template?: <<SecurityRoleTemplateScript>> | <<SecurityRoleTemplateInlineQuery>>
}
[pass]
++++
</pre>
++++

[discrete]
[[SecurityRoleTemplateScript]]
=== SecurityRoleTemplateScript

[pass]
++++
<pre>
++++
interface SecurityRoleTemplateScript {
  source?: <<SecurityRoleTemplateInlineQuery>>
  pass:[/**] @property id The `id` for a stored script. */
  id?: <<Id>>
  pass:[/**] @property params Specifies any named parameters that are passed into the script as variables. Use parameters instead of hard-coded values to decrease compile time. */
  params?: Record<string, any>
  pass:[/**] @property lang Specifies the language the script is written in. */
  lang?: <<ScriptLanguage>>
  options?: Record<string, string>
}
[pass]
++++
</pre>
++++

[discrete]
[[SecuritySearchAccess]]
=== SecuritySearchAccess

[pass]
++++
<pre>
++++
interface SecuritySearchAccess {
  pass:[/**] @property field_security The document fields that the owners of the role have read access to. */
  field_security?: <<SecurityFieldSecurity>>
  pass:[/**] @property names A list of indices (or index name patterns) to which the permissions in this entry apply. */
  names: <<IndexName>>[]
  pass:[/**] @property query A search query that defines the documents the owners of the role have access to. A document within the specified indices must match this query for it to be accessible by the owners of the role. */
  query?: <<SecurityIndicesPrivilegesQuery>>
  pass:[/**] @property allow_restricted_indices Set to `true` if using wildcard or regular expressions for patterns that cover restricted indices. Implicitly, restricted indices have limited privileges that can cause pattern tests to fail. If restricted indices are explicitly included in the `names` list, Elasticsearch checks privileges against these indices regardless of the value set for `allow_restricted_indices`. */
  allow_restricted_indices?: boolean
}
[pass]
++++
</pre>
++++

[discrete]
[[SecurityTemplateFormat]]
=== SecurityTemplateFormat

[pass]
++++
<pre>
++++
type SecurityTemplateFormat = 'string' | 'json'
[pass]
++++
</pre>
++++

[discrete]
[[SecurityUser]]
=== SecurityUser

[pass]
++++
<pre>
++++
interface SecurityUser {
  email?: string | null
  full_name?: <<Name>> | null
  metadata: <<Metadata>>
  roles: string[]
  username: <<Username>>
  enabled: boolean
  profile_uid?: <<SecurityUserProfileId>>
}
[pass]
++++
</pre>
++++

[discrete]
[[SecurityUserIndicesPrivileges]]
=== SecurityUserIndicesPrivileges

[pass]
++++
<pre>
++++
interface SecurityUserIndicesPrivileges {
  pass:[/**] @property field_security The document fields that the owners of the role have read access to. */
  field_security?: <<SecurityFieldSecurity>>[]
  pass:[/**] @property names A list of indices (or index name patterns) to which the permissions in this entry apply. */
  names: <<Indices>>
  pass:[/**] @property privileges The index level privileges that owners of the role have on the specified indices. */
  privileges: <<SecurityIndexPrivilege>>[]
  pass:[/**] @property query Search queries that define the documents the user has access to. A document within the specified indices must match these queries for it to be accessible by the owners of the role. */
  query?: <<SecurityIndicesPrivilegesQuery>>[]
  pass:[/**] @property allow_restricted_indices Set to `true` if using wildcard or regular expressions for patterns that cover restricted indices. Implicitly, restricted indices have limited privileges that can cause pattern tests to fail. If restricted indices are explicitly included in the `names` list, Elasticsearch checks privileges against these indices regardless of the value set for `allow_restricted_indices`. */
  allow_restricted_indices: boolean
}
[pass]
++++
</pre>
++++

[discrete]
[[SecurityUserProfile]]
=== SecurityUserProfile

[pass]
++++
<pre>
++++
interface SecurityUserProfile {
  uid: <<SecurityUserProfileId>>
  user: <<SecurityUserProfileUser>>
  data: Record<string, any>
  labels: Record<string, any>
  enabled?: boolean
}
[pass]
++++
</pre>
++++

[discrete]
[[SecurityUserProfileHitMetadata]]
=== SecurityUserProfileHitMetadata

[pass]
++++
<pre>
++++
interface SecurityUserProfileHitMetadata {
  _primary_term: <<long>>
  _seq_no: <<SequenceNumber>>
}
[pass]
++++
</pre>
++++

[discrete]
[[SecurityUserProfileId]]
=== SecurityUserProfileId

[pass]
++++
<pre>
++++
type SecurityUserProfileId = string
[pass]
++++
</pre>
++++

[discrete]
[[SecurityUserProfileUser]]
=== SecurityUserProfileUser

[pass]
++++
<pre>
++++
interface SecurityUserProfileUser {
  email?: string | null
  full_name?: <<Name>> | null
  realm_name: <<Name>>
  realm_domain?: <<Name>>
  roles: string[]
  username: <<Username>>
}
[pass]
++++
</pre>
++++

[discrete]
[[SecurityUserProfileWithMetadata]]
=== SecurityUserProfileWithMetadata

[pass]
++++
<pre>
++++
interface SecurityUserProfileWithMetadata extends <<SecurityUserProfile>> {
  last_synchronized: <<long>>
  _doc: <<SecurityUserProfileHitMetadata>>
}
[pass]
++++
</pre>
++++