Release Date: 13 April 2023
Patch Release 1.5.3
- Bug fix for SSC Utility
- Bug fix for incorrect UI version bundled
Overview
The main focus of this release is support for multiple users of Neo4j Ops Manager, with the ability to control access to both DBMSs and features through a permission-based setup. There are also a number of small enhancements and bug fixes.
Neo4j Ops Manager Users
- Ability to create NOM users
- Two types of users: NOM Admin and Administrators
- NOM Admins have access to all NOM features and can create, edit and remove all other users
- Administrators’ access is configured to allow access to global and DBMS specific features
- Permissions to access DBMS specific features can be granted explicitly for a DBMS
- Or they can be implicitly assigned through DBMS glob patterns
- Where applicable, users can be assigned ‘View’ or ‘Edit’ permissions for a feature
- The GraphQL API will only allow queries and mutations that are permitted by the logged-in user’s configured access permissions
- The UI will reflect what the logged-in user is allowed to view for each DBMS and only allow Edit functionality where it has been assigned
- Warnings for license violations and upcoming expiry of trial licenses for Neo4j from 5.4
- Warnings for upcoming and actual license expiry for GDS and Bloom (from Neo4j 5.4)
Agent self-registration
There are two ways to securely allow an agent to start communicating with the NOM server.
With manual approval
- Agent is configured simply with the NOM server addresses (HTTP and GRPC)
- Agent requests to register with the configured NOM Server
- Agent stays in standby mode until it has been approved through the UI
- After approval, NOM server provides the agent with the credentials required for full communication.
- Certificates are obtained for both the NOM server and agent
- Agent and server are configured to trust each other’s certificates
- Agent is configured with server addresses (HTTP and GRPC)
- When the NOM server receives a registration request from an agent it trusts (via certificates) it provides the credentials required for full communication.
- The NOM server contains an embedded signed update payload that brings a connected agent up-to-date with the server version.
- The agent only ever applies an update that is signed using an internal Neo4j signing key.
- No internet connection is required for agent updates to work.
- The server can automatically keep all connected agents up-to-date using the Auto-update toggle switch
- Alternatively, updates can be triggered for specific agents
- Fixed an issue with the Windows agent to allow it to read monitored instances’ server IDs
- Fixed an agent logging issue that caused log entries to be missed when logging to file