> ## Documentation Index
> Fetch the complete documentation index at: https://docs.kinetica.com/llms.txt
> Use this file to discover all available pages before exploring further.

# /show/security

```
URL: http://<db.host>:<db.port>/show/security
```

Shows security information relating to users and/or roles. If the caller is not
a system administrator, only information relating to the caller and their roles
is returned.

## Input Parameter Description

<ParamField body="names" type="array of strings">
  A list of names of users and/or roles about which security information is requested. If none are provided, information about all users and roles will be returned.
</ParamField>

<ParamField body="options" type="map of string to strings">
  Optional parameters.

  The default value is an empty map ( \{} ).

  <Expandable title="options">
    <ParamField body="show_current_user">
      If *true*, returns only security information for the current user.

      The default value is `false`.

      The supported values are:

      * true
      * false
    </ParamField>
  </Expandable>
</ParamField>

## Output Parameter Description

The Kinetica server embeds the endpoint response inside a standard response structure which contains status information and the actual response to the query.  Here is a description of the various fields of the wrapper:

<ResponseField name="status" type="String">
  'OK' or 'ERROR'
</ResponseField>

<ResponseField name="message" type="String">
  Empty if success or an error message
</ResponseField>

<ResponseField name="data_type" type="String">
  'show\_security\_response' or 'none' in case of an error
</ResponseField>

<ResponseField name="data" type="String">
  Empty string
</ResponseField>

<ResponseField name="data_str" type="JSON or String">
  This embedded JSON represents the result of the /show/security endpoint:

  <Expandable title="data_str">
    <ResponseField name="types" type="map of string to strings">
      Map of user/role name to the type of that user/role.

      * **internal\_user**: A user whose credentials are managed by the database system.
      * **external\_user**: A user whose credentials are managed by an external LDAP.
      * **role**: A role.
    </ResponseField>

    <ResponseField name="roles" type="map of string to arrays of strings">
      Map of user/role name to a list of names of roles of which that user/role is a member.
    </ResponseField>

    <ResponseField name="permissions" type="map of string to arrays of maps of string to strings">
      Map of user/role name to a list of permissions directly granted to that user/role.
    </ResponseField>

    <ResponseField name="resource_groups" type="map of string to strings">
      Map of user name to resource group name.
    </ResponseField>

    <ResponseField name="info" type="map of string to strings">
      Additional information.
    </ResponseField>
  </Expandable>

  Empty string in case of an error.
</ResponseField>
