Version 2.3 of Elastic Cloud Enterprise (ECE) is now available for download, finally bringing role-based access control (RBAC) to its general user base and letting admins decide who gets to see what. ECE allows the deployment of Elastic’s search-based software as a service offerings on a company’s infrastructure of choice (public cloud, private cloud, virtual machines, bare metal).
The new version is the first to come with four pre-configured roles to help admins control deployment access and management privileges. This is only the first step in the product’s RBAC journey, though. Customisable deployment-level permissions and greater abilities to separate users by teams are on the ECE roadmap.
For now, admins can choose between the roles of platform admin, platform viewer, deployments admin, and deployments viewer for their users. The platform admin role has full permissions to manage platform assets and deployments, making it equivalent to the default admin users.
The standard read-only user is reflected in the platform viewer role, which gives read-only permissions to assets and deployments. Users that are meant to be able to create and manage deployments without access to a platform’s assets are best put into the deployments admin role, while deployment viewers can only look at deployments.
To help in keeping track of a deployment, the Elastic team has added more details and filtering options to the Activity page. Meanwhile the Operations page was fitted with an option to create heap dumps that can be used for analysis if something goes awry.
Admins that want to integrate ECE with other tools or need API examples to better automate their ECE processes can select “API Example” when they create deployment templates. The system will then let them know about the equivalent RESTful API call which they can use as needed.
Apart from that, the product has been updated to use more recent versions of Elasticsearch and Kibana, and Ubuntu 14.04 LTS has been removed from the documentation as announced in the last release. Ops folks making use of hot-warm deployments will have to check the documentation, since APM now creates initial index lifecycle policies that might need some manual work to properly run.