Role-Based Access Control (RBAC)
Overview
This article outlines the update process for migrating from Login Enterprise v5. x to v6.0.
Login Enterprise v5.8 and older can't be updated directly to v6.0. However, Login Enterprise v5.9.8 through v5.14.7 can be updated directly to v6.0.
Before upgrading to v6.0, you must upgrade Debian to v12. This upgrade is available for Login Enterprise v5.9 and higher. For details, see Updating Debian.
1. Before updating, ensure you have a backup or snapshot of your Virtual Appliance.
If you are using the optional SQL database for data storage, back it up as well.
2. Mount and attach the Login Enterprise v6.0 ISO to your existing Virtual Appliance via your virtualization management platform.
Upgrade Limitations
- Launchers from previous versions of Login Enterprise are not compatible with Login Enterprise 6.0. Therefore, all Launchers must be updated when upgrading to version 6.0
- The upgrade to Login Enterprise 6.0 will be blocked under the following circumstances:
- If you're on Login Enterprise 5.8 or lower
- If you're on Login Enterprise 5.9–5.14 but still using Debian 10
- In these cases, you'll need to perform specific actions before upgrading:
- For version 5.8: You must update Linux before upgrading. Upgrade to version 5.14 and select 'Perform System Upgrade'
- For version 5.9 without Debian 12: You must update Linux before upgrading. Upgrade to version 5.14 and select 'Perform System Upgrade'
- Migration to 6.0 ensures that users assigned to the Admin or Read-Only LDAP groups can still log in after the upgrade. However, these migrated roles are not automatically assigned to Tests. As a result, users may not be able to see any Test data unless the appropriate roles are assigned to the Tests.
- To resolve this, Login Enterprise provides API endpoints that allow administrators to bulk update Tests and Test Runs to assign or replace the roles. For details, see API Endpoints for Managing Roles to Tests and Test Runs.
- You can also assign roles to a Test individually through the Login Enterprise UI in the Test Configuration.
Steps to Update to v6.0
1. Console into your Login Enterprise Virtual Appliance and log in.
2. In the Maintenance Menu, select Updates, and then Update from ISO.
3. Press Enter once you see the following message:
4. The console will show that the ISO is being mounted. After, it will prompt to confirm to perform the update. Type y and enter to confirm yes to proceed.
5. Now, the API updating notice should appear. This message mentions if any external API functionality is occurring, such as API scripts that need to be updated to reflect the changes with the API:
6. Press Enter to proceed.
7. The next page will ask if Database maintenance should be performed. You can use database maintenance to increase the overall speed of the Login Enterprise Virtual Appliance. You can perform it during the upgrade now by typing y and pressing Enter, or do it later ad hoc. For details, see Performing DB maintenance.
8. The next page is a prompt to perform a Debian OS update (on the Login Enterprise Virtual Appliance) from the mounted ISO.
9. To proceed with the Debian OS update from the ISO, type y, then press Enter.
- If you want to update the OS later from the ISO, type n, then Enter. The process to update from the ISO later would be this same update process, but you will need to type y, then Enter at this prompt.
- If the Login Enterprise Virtual Appliance is connected to the Internet, you can update the OS later via consoling into the Appliance. For details, see System Update from the Internet.
10. After this, log statements will indicate that the update is occurring and the contents of the ISO are being extracted.
11. There will be further log statements produced about the updating steps. After the update is completed, you will see the following message:
12. At this step, type y then press Enter.
13. After finishing rebooting, the console will show the version of Login Enterprise is v6.0.
14. You can also see it in the Login Enterprise web interface on the login page.
15. Perform another snapshot of the Login Enterprise Virtual Appliance for this successful update (named such as: “Initial update to Login Enterprise v6.0”)
Steps after Upgrading
- All Login Enterprise Launchers connected to your Login Enterprise Virtual Appliance will need to be updated. For details, see Launcher Maintenance and Updates.
- The Login Enterprise v6.0 Launcher needs to be downloaded from your Login Enterprise web interface. For details, see Downloading and Installing the Launcher.
- To update the Login Enterprise Launcher agent on each Launcher host, the Launcher installer/updater needs to be run on each by either:
- Silent installation. For details, see Silent installation.
- Graphical Launcher installation, invoked by running the Launcher installer (double-clicking on it if in the Downloads folder, for example) and following the installation prompts in the installation interface.
- To verify that the new Launcher installations are successful, run the Launchers, and the Launcher agent UI will look like this, with the new version showing in the top window banner (Login Enterprise Launcher v6.0.4 in this example), and the bottom a green banner reading “Connection status: Connected.“
- If a Launcher hasn’t been updated yet, the bottom orange banner would read “Connection status: Idle (update the Launcher to the latest version)“.
Role-Based Access Control (RBAC)
Login Enterprise v6.0 introduces the first version of role-based access control (RBAC). Currently, RBAC is only supported with LDAP (Active Directory) authentication, and requires LDAP users and groups for access management.
If you have LDAP set up, you can enable RBAC. Without LDAP integration, RBAC cannot function. To learn more about RBAC, use cases, permission dependencies, and more, see Role-Based Access Control (RBAC).