Bucket Protection

Bucket Protection

Couchbase Server secures buckets by means of Role-Based Access Control (RBAC): thereby ensuring that for production-purposes, all buckets can be password-protected; with different access-privileges assigned to different users.

Bucket Access

To access cluster-resources, Couchbase Server users — administrators and applications — must specify a username and password. Each user, when defined by a Full Administrator (who has full privileges on all cluster-resources), is assigned one or more roles; which determine either read or read-write access to server-resources. When a user successfully authenticates, their roles are examined by Couchbase Server; if the assigned roles correspond to appropriate privileges, the user is granted due access to the resource.

Couchbase buckets are among the resources protected by RBAC. For more information on establishing users, credentials, roles, and buckets, see Authorization.

Removal of Unprotected Buckets

For production-purposes, all buckets must be RBAC-protected, as described above. Any additional, legacy buckets, created non-securely, should be removed: this applies to legacy default and sample buckets that were created without password-protection.