The GRANT statement allows granting any RBAC roles to a specific user.

Roles can be of the following two types:
simple Roles which apply generically to all buckets/resources in the cluster.

For example: ClusterAdmin or BucketAdmin

parameterized by a bucket Roles which are defined for the scope of the specified bucket only. The bucket name is specified after ON.

For example: BucketReader ON `travel-sample`

or Query_Select ON `travel-sample`

Note: Only Full Administrators can run the GRANT statement. For more details about user roles, see Authorization.


GRANT role1   [, role2, ...]
   ON bucket1 [, bucket2, ...]
   TO user1   [, user2, ...];
RBAC-role is one of the RBAC role names predefined by Couchbase Server.
RBAC-user is the user name created by the Couchbase Server RBAC system.
The following roles have short forms that can be used as well:
  • query_select → select
  • query_insert → insert
  • query_update → update
  • query_delete → delete
The name of your Couchbase or Memcached bucket or buckets.
RBAC-user in your bucket.
GRANT statements support legacy systems and have two forms:
1. Unparameterized Roles
GRANT Replication Admin, Query External Access
   TO cchaplan, jgleason;
GRANT replication_admin, query_external_access
   TO cchaplan, jgleason;
2. Parameterized Roles
GRANT Query Select, Views Admin
   ON orders, customers
   TO bill, linda;

GRANT query_select, views_admin
   ON orders, customers
   TO bill, linda;
Note: Mixing of parameterized and unparameterized roles or syntax is not allowed and will create an error.

Example 1: Grant the role of Cluster Administrator to three people.

GRANT ClusterAdmin TO david, michael, robin;
Example 2: Grant the roles of Cluster Administrator and Bucket Reader in the Travel Sample bucket to Debby.
GRANT ClusterAdmin, BucketReader ON `travel-sample` TO debby;