elastic
diff --git a/‎output/schema/schema.json
Lines changed: 55 additions & 39 deletions b/‎output/schema/schema.json
Lines changed: 55 additions & 39 deletions
diff --git a/‎output/schema/validation-errors.json
Lines changed: 0 additions & 6 deletions b/‎output/schema/validation-errors.json
Lines changed: 0 additions & 6 deletions
diff --git a/‎output/typescript/types.ts
Lines changed: 4 additions & 2 deletions b/‎output/typescript/types.ts
Lines changed: 4 additions & 2 deletions
diff --git a/‎specification/security/_types/Privileges.ts
Lines changed: 12 additions & 3 deletions b/‎specification/security/_types/Privileges.ts
Lines changed: 12 additions & 3 deletions
diff --git a/‎specification/security/get_user_privileges/SecurityGetUserPrivilegesResponse.ts
Lines changed: 3 additions & 0 deletions b/‎specification/security/get_user_privileges/SecurityGetUserPrivilegesResponse.ts
Lines changed: 3 additions & 0 deletions
@@ -94,16 +94,25 @@ export class IndicesPrivileges {
   /**
    * A search query that defines the documents the owners of the role have read access to. A document within the specified indices must match this query for it to be accessible by the owners of the role.
    */
-  query?: string[] | QueryContainer | RoleTemplateQueryContainer
+  query?: IndicesPrivilegesQuery
   /**
    * Set to `true` if using wildcard or regular expressions for patterns that cover restricted indices. Implicitly, restricted indices have limited privileges that can cause pattern tests to fail. If restricted indices are explicitly included in the `names` list, Elasticsearch checks privileges against these indices regardless of the value set for `allow_restricted_indices`.
    * @server_default false
    */
   allow_restricted_indices?: boolean
 }
 
-/** @variants container */
-export class RoleTemplateQueryContainer {
+/**
+ * While creating or updating a role you can provide either a JSON structure or a string to the API.
+ * However, the response provided by Elasticsearch will only be string with a json-as-text content.
+ *
+ * Since this is embedded in `IndicesPrivileges`, the same structure is used for clarity in both contexts.
+ *
+ * @codegen_names json_text, query, template
+ */
+export type IndicesPrivilegesQuery = string | QueryContainer | RoleTemplateQuery
+
+export class RoleTemplateQuery {
   /**
    * When you create a role, you can specify a query that defines the document level security permissions. You can optionally
    * use Mustache templates in the role query to insert the username of the current authenticated user into the role.
 
@@ -28,6 +28,9 @@ export class Response {
     applications: ApplicationPrivileges[]
     cluster: string[]
     global: GlobalPrivilege[]
+    /**
+     * In this context `IndicesPrivileges.query` property can only be a string, see `IndicesPrivileges` documentation for detail.
+     */
     indices: IndicesPrivileges[]
     run_as: string[]
   }