Creating a read-only user

Creating a read-only user

One non-administrative user can be created with read-only access for the Web Console and REST API.

A read-only user cannot create buckets, edit buckets, add nodes to clusters, change XDCR settings, create views or see any stored data. Any REST API calls which require an administrator fail and return an error for this user.

In the Couchbase web console, a read-only user can view:

  • Cluster Overview.
  • Design documents and view definitions but cannot query views.
  • Bucket summaries including Cache Size and Storage Size, but cannot view documents.
  • List of XDCR replications and remote clusters.
  • Logged events under the Log tab, but the user cannot Generate Diagnostic Report.
  • Settings for a cluster.

If a read-only user performs a REST POST or DELETE request that changes cluster, bucket, XDCR, or node settings, the server sends an HTTP 401 error:

HTTP/1.1 401 Unauthorized WWW-Authenticate: Basic realm="Couchbase Server Admin / REST"
Tip: The read-only user cannot set up a Couchbase SDK to connect to the server. All SDKs require that a client connect with bucket-level credentials.
  1. In the Couchbase Web Console, click Settings.
    A panel appears with several different sub-tabs.
  2. Click Account Management. A panel appears where you can add a read-only user.
  3. Enter a Username, Password and verify the password.
  4. Click Create.
    The panel refreshes and has options for resetting the read-only user password or deleting the user.