Couchbase Full Administrator can set up the internal role of the Read-Only Administrator.
Setting up of the Read-Only Administrator does not require that LDAP authentication is enabled. Couchbase Full Administrator can create this role using the Couchbase Web Console and REST API.
The Read-Only Administrator in Couchbase read-only access and cannot make any changes to the system, nor can it access N1QL. The user can only view existing servers, buckets, views and monitor stats.
The Read-Only Administrator can do the following:
- Cluster Overview
- Design documents and view definitions but cannot query views.
- List of XDCR replications and remote clusters.
- Logged events under the Log tab but the user cannot Generate Diagnostic Report.
- Settings for a cluster.
The Read-Only Administrator cannot perform these tasks:
- Create or edit buckets
- Add nodes to clusters
- Change XDCR settings
- Create views or see any stored data.
- Any REST API calls which require administrator privileges will fail and return an error for this user.
The server sends an HTTP 401 error if an unauthorized user performs a REST POST or DELETE request that changes cluster, bucket, XDCR, or node settings:
HTTP/1.1 401 Unauthorized WWW-Authenticate: Basic realm="Couchbase Server Admin / REST" ....
- All SDKs require that a client connects with bucket-level credentials. Therefore, the Read-Only Administrator cannot set up a Couchbase SDK to connect to the server.
Add a Read-Only Administrator via UITo assign the Read-Only Administrator's role to a user:
- In the dialog box, enter the Read-Only Administrator's credentials: username and password.
- Click on Create to create the user.