since rest API to manipulate users/roles, so is it possible to add a well-known password for admin to operation everything and forget about esusers at all?
In 2.3, a good practice would be to use esusers to create an admin user. Then use that admin user to create a native admin user via the API. At that point, you could remove the esusers admin, and continue using the native admin user.
In future versions of the stack, we are planning to have a built-in administrator user in the native realm, which will remove the requirement of using the esusers realm unless you choose to.
the build-in administarator user is exactly what I want. so I'd like to ask when will be the future versions you are talking about? is it possible for 2.3.2?
It will not be coming in a 2.3.x version; we have chosen not to add this in a minor release and definitely not a bug fix release. Adding a new user to a system that someone upgrades could open up a security hole if they are not aware of the new user and I believe the risk is much greater for that to happen in a minor release.