Kibana · Capability
Kibana APIs — roles
Kibana APIs — roles. 5 operations. Lead operation: Get all roles. Self-contained Naftiko capability covering one Kibana business surface.
What You Can Do
GET
Getsecurityrole
— Get all roles
/v1/api/security/role
DELETE
Deletesecurityrolename
— Delete a role
/v1/api/security/role/{name}
GET
Getsecurityrolename
— Get a role
/v1/api/security/role/{name}
PUT
Putsecurityrolename
— Create or update a role
/v1/api/security/role/{name}
POST
Postsecurityroles
— Create or update roles
/v1/api/security/roles
MCP Tools
get-all-roles
Get all roles
read-only
idempotent
delete-role
Delete a role
idempotent
get-role
Get a role
read-only
idempotent
create-update-role
Create or update a role
idempotent
create-update-roles
Create or update roles
Capability Spec
naftiko: 1.0.0-alpha2
info:
label: Kibana APIs — roles
description: 'Kibana APIs — roles. 5 operations. Lead operation: Get all roles. Self-contained Naftiko capability covering
one Kibana business surface.'
tags:
- Kibana
- roles
created: '2026-05-19'
modified: '2026-05-19'
binds:
- namespace: env
keys:
KIBANA_API_KEY: KIBANA_API_KEY
capability:
consumes:
- type: http
namespace: kibana-roles
baseUri: https://{kibana_url}
description: Kibana APIs — roles business capability. Self-contained, no shared references.
resources:
- name: api-security-role
path: /api/security/role
operations:
- name: getsecurityrole
method: GET
description: Get all roles
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: replaceDeprecatedPrivileges
in: query
type: boolean
description: If `true` and the response contains any privileges that are associated with deprecated features, they
are omitted in favor of details about the appropriate repl
- name: api-security-role-name
path: /api/security/role/{name}
operations:
- name: deletesecurityrolename
method: DELETE
description: Delete a role
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: kbn-xsrf
in: header
type: string
description: A required header to protect against CSRF attacks
required: true
- name: name
in: path
type: string
description: The role name.
required: true
- name: getsecurityrolename
method: GET
description: Get a role
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: name
in: path
type: string
description: The role name.
required: true
- name: replaceDeprecatedPrivileges
in: query
type: boolean
description: If `true` and the response contains any privileges that are associated with deprecated features, they
are omitted in favor of details about the appropriate repl
- name: putsecurityrolename
method: PUT
description: Create or update a role
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: kbn-xsrf
in: header
type: string
description: A required header to protect against CSRF attacks
required: true
- name: name
in: path
type: string
description: The role name.
required: true
- name: createOnly
in: query
type: boolean
description: When true, a role is not overwritten if it already exists.
- name: body
in: body
type: object
description: Request body (JSON).
required: false
- name: api-security-roles
path: /api/security/roles
operations:
- name: postsecurityroles
method: POST
description: Create or update roles
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: kbn-xsrf
in: header
type: string
description: A required header to protect against CSRF attacks
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: false
authentication:
type: apikey
key: Authorization
value: '{{env.KIBANA_API_KEY}}'
placement: header
exposes:
- type: rest
namespace: kibana-roles-rest
port: 8080
description: REST adapter for Kibana APIs — roles. One Spectral-compliant resource per consumed operation, prefixed with
/v1.
resources:
- path: /v1/api/security/role
name: api-security-role
description: REST surface for api-security-role.
operations:
- method: GET
name: getsecurityrole
description: Get all roles
call: kibana-roles.getsecurityrole
with:
replaceDeprecatedPrivileges: rest.replaceDeprecatedPrivileges
outputParameters:
- type: object
mapping: $.
- path: /v1/api/security/role/{name}
name: api-security-role-name
description: REST surface for api-security-role-name.
operations:
- method: DELETE
name: deletesecurityrolename
description: Delete a role
call: kibana-roles.deletesecurityrolename
with:
kbn-xsrf: rest.kbn-xsrf
name: rest.name
outputParameters:
- type: object
mapping: $.
- method: GET
name: getsecurityrolename
description: Get a role
call: kibana-roles.getsecurityrolename
with:
name: rest.name
replaceDeprecatedPrivileges: rest.replaceDeprecatedPrivileges
outputParameters:
- type: object
mapping: $.
- method: PUT
name: putsecurityrolename
description: Create or update a role
call: kibana-roles.putsecurityrolename
with:
kbn-xsrf: rest.kbn-xsrf
name: rest.name
createOnly: rest.createOnly
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/api/security/roles
name: api-security-roles
description: REST surface for api-security-roles.
operations:
- method: POST
name: postsecurityroles
description: Create or update roles
call: kibana-roles.postsecurityroles
with:
kbn-xsrf: rest.kbn-xsrf
body: rest.body
outputParameters:
- type: object
mapping: $.
- type: mcp
namespace: kibana-roles-mcp
port: 9090
transport: http
description: MCP adapter for Kibana APIs — roles. One tool per consumed operation, routed inline through this capability's
consumes block.
tools:
- name: get-all-roles
description: Get all roles
hints:
readOnly: true
destructive: false
idempotent: true
call: kibana-roles.getsecurityrole
with:
replaceDeprecatedPrivileges: tools.replaceDeprecatedPrivileges
outputParameters:
- type: object
mapping: $.
- name: delete-role
description: Delete a role
hints:
readOnly: false
destructive: true
idempotent: true
call: kibana-roles.deletesecurityrolename
with:
kbn-xsrf: tools.kbn-xsrf
name: tools.name
outputParameters:
- type: object
mapping: $.
- name: get-role
description: Get a role
hints:
readOnly: true
destructive: false
idempotent: true
call: kibana-roles.getsecurityrolename
with:
name: tools.name
replaceDeprecatedPrivileges: tools.replaceDeprecatedPrivileges
outputParameters:
- type: object
mapping: $.
- name: create-update-role
description: Create or update a role
hints:
readOnly: false
destructive: false
idempotent: true
call: kibana-roles.putsecurityrolename
with:
kbn-xsrf: tools.kbn-xsrf
name: tools.name
createOnly: tools.createOnly
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: create-update-roles
description: Create or update roles
hints:
readOnly: false
destructive: false
idempotent: false
call: kibana-roles.postsecurityroles
with:
kbn-xsrf: tools.kbn-xsrf
body: tools.body
outputParameters:
- type: object
mapping: $.