Within an organization, users can have one or more roles and each role grants specific privileges. User roles are managed by the Organization Owner.
- Organization owner - The role assigned by default to the person who created the organization. Has all privileges to deployments, organization-level details and properties, billing details and subscription levels. Organization owners are able to sign on to deployments with superuser privileges.
- Billing admin - Can manage an organization’s billing details such as credit card information, subscription and invoice history. Cannot manage other organization or deployment details and properties.
- Deployment admin - Can manage deployment’s details and properties, and is able to sign on to the deployment with superuser privileges. This role can be scoped to one or more deployments.
- Deployment editor - Can modify some deployment’s details and properties like hardware configuration, and is able to sign on to the deployment with the editor Stack role. This role can be scoped to one or more deployments.
- Deployment viewer - Can view deployments, and can sign on to the deployment with the viewer Stack role. This role can be scoped to one or more deployments.
Within the same organization, all members share the same set of default permissions. From the Elasticsearch Service main page you can:
- See the organization details.
- Modify your Profile under your avatar in the upper right corner.
- Leave the organization.
The Cloud UI navigation and access to components is based on user privileges.
Roles are assigned to every member of an organization and can refer (or be scoped) to one or more specific deployments, or all deployments. When a role is scoped to all deployments it grants permissions on all existing and future deployments.
This list describes the scope of the different roles:
- Organization owner - This role is always scoped to administer all deployments.
- Billing admin - This role does not refer to any deployment.
- Deployment admin, Deployment editor, and Deployment viewer - These roles can be scoped to either all deployments, or specific deployments.
Members are only able to see the role assignments of other members under the organization they belong to, for role assignments they are able to manage. Members with the Organization owner role assigned are able to see the role assignments of every member of their organization.
Members with the Deployment admin role assigned are able to see role assignments for deployments within their scope. For example, Deployment admins of all deployments are able to see role assignments scoped to all and specific deployments in the organization, while Deployment admins of specific deployments only see role assignments scoped to those specific deployments. This ensures that members assigned to specific deployments do not try to remove role assignments from other members, and that the existence of other deployments are not revealed to these members.
Intro to Kibana
ELK for Logs & Metrics