RBAC User Management

RBAC User Management

Couchbase RBAC allows defined users to be assigned roles, which permit access to resources.

Specifying Names

Both role-names and user-names are case sensitive.

Authentication Domains

Couchbase Server assigns users to different authentication domains, based on whether their definition is local (that is, on Couchbase Server itself) or external (that is, by means of LDAP or PAM).

For information, see Authentication.

Creating Users

Users can be created in the following ways:

For restrictions on username-design, see Couchbase Passwords.

Resetting a User Password

A user's password can be set in the following ways:

Note that a default Couchbase password policy is provided: this can be modified by the Full Administrator. See the Couchbase CLI command setting-password-policy.

Viewing Users

Currently defined users can be viewed in the following ways:

Granting and Revoking Roles

Roles can be granted and revoked as follows:

  • Granted: With the N1QL GRANT ROLE statement. See GRANT.

  • Revoked: With the N1QL REVOKE ROLE statement. See REVOKE.