Role-Based Access Control (RBAC) for Administrators

Role-Based Access Control (RBAC) for administrators is designed to manage administrative access to the Couchbase system and to achieve segregation of administrative duties. With RBAC, each administrator can perform only a well-defined fixed set of operations based on the job description.

RBAC requires configuration with LDAP so that the Full Administrator can map an administrator's LDAP user ID to one or more fixed administrative roles. Each role contains a defined set of duties that can be performed in the system, and LDAP users have no administrative access beyond what their role assignment defines.

Full administrators in Couchbase can manage user roles using the Couchbase CLI tools (as described in admin-role-manage) or REST API (as described in Role Based Admin Access (RBAC)).

Fixed Administrative Roles in Couchbase

There are six fixed administrative roles in Couchbase Server: Full, Read-only, Cluster, Bucket, View, and Replication Administrator.

At a high level, Couchbase has many resources:

  • Cluster
  • Server
  • Bucket
  • Index (GSI)
  • Views (MapReduce and spatial)
  • XDCR Cluster Reference
  • XDCR Replication Stream

While Index and Views are tied to a bucket, XDCR spans two scopes: cluster references are set up at the cluster scope, and replications are managed at the bucket scope.

The diagram below shows how these administrative roles correlate to each other.

Full Administrator
The Full Administrator role has permissions to read/write and manage all Couchbase resources, including security settings such as adding a user to, or removing a user from, a particular fixed role.

Read-only Administrator
A Read-only Administrator has read-only access and cannot make any changes to the system. This user has read-only access to cluster overview, design documents (without the ability to create or query views), bucket summaries (without the ability to create or view documents), XDCR cluster references, XDCR replications, and cluster settings.

Cluster Administrator
The Cluster Administrator role has permissions to read, write and manage all cluster-level settings except security settings of the cluster.

Bucket Administrator
The Bucket Administrator role has permissions to manage bucket settings. This role can be assigned globally to all buckets (denoted by *), or to a particular bucket.
For XDCR operations, the Bucket Administrators can start/stop replication for the buckets they administer. However, they cannot set up the XDCR cluster references.

View Administrator
The View Administrator role gives privileges to the user to define views and then run these views on data to ensure that views are defined properly. This applies both to the map-reduce and spatial views.

Replication (XDCR) Administrator
The Replication Administrator role can now configure XDCR topology and manage replications for High Availability without sharing administrative credentials assigned to this role.

Table 1. Role-Based Access Control (RBAC) for Administrators

Administrative Access: W(rite), R(ead), S(ecurity), none

Couchbase Resource and Administrative Roles | Configuration | Statistics

Full Administrator
Cluster | W, R, S | W, R, S
---XDCR RemoteCluster Reference | W, R, S | W, R, S
---Node | W, R, S | W, R, S
------Bucket [ * | particular_bucket ] | W, R, S | W, R, S
---------XDCR Replication Stream | W, R, S | W, R, S
---------Index (via REST API #8093) | W, R, S | W, R, S
---------Index (via UI #8091) | W, R, S | W, R, S
---------View (via REST API #8093) | W, R, S | W, R, S
---------View (via UI #8091) | W, R, S | W, R, S

Read-only Administrator
Cluster | R | R
---XDCR RemoteCluster Reference | R | R
---Node | R | R
------Bucket [ * | particular_bucket ] | R | R
---------XDCR Replication Stream | R | R
---------Index (via REST API #8093) *** | R | R
---------Index (via UI #8091) | R | R
---------View (via REST API #8093) | R | R
---------View (via UI #8091) | R | R

Cluster Administrator
Cluster | W, R | W, R
---XDCR RemoteCluster Reference | W, R | W, R
---Node | W, R | W, R
------Bucket [ * | particular_bucket ] | W, R | W, R
---------XDCR Replication Stream | W, R | W, R
---------Index (via REST API #8093) (bucket users can access their buckets) ** | W, R | W, R
---------Index (via UI #8091) | W, R | W, R
---------View (via REST API #8093) | W, R | W, R
---------View (via UI #8091) * | W, R | W, R

Bucket Administrator
Cluster | none | none
---XDCR RemoteCluster Reference | none | none
---Node | none | none
------Bucket [ * | particular_bucket ] **** | W, R | W, R
---------XDCR Replication Stream | W, R | W, R
---------Index (query) via REST API #8093 (bucket users can access their buckets) ** | W, R | W, R
---------Index (via UI #8091) | none | none
---------View (via REST API #8093) | W, R | W, R
---------View (via UI #8091) (for the buckets for which they are view administrators) * | W, R | W, R

View Administrator
Cluster | none | none
---XDCR RemoteCluster Reference | none | none
---Node | none | none
------Bucket [ * | particular_bucket ] | none | none
---------XDCR Replication Stream | none | none
---------Index (query) via REST API #8093 *** | none | none
---------Index (query) via UI #8091 | none | none
---------View via REST API #8093 | W, R | W, R
---------View (via UI #8091) (for the buckets for which they are view administrators) * | W, R | W, R

Replication (XDCR) Administrator
Cluster | none | none
---XDCR RemoteCluster Reference | W, R | W, R
---Node | none | none
------Bucket [ * | particular_bucket ] | none | none
---------XDCR Replication Stream | W, R | W, R
---------Index *** | none | none
---------View | none | none

Explanations:

  • W(rite), R(ead), S(ecurity), none (or no access).
  • *: For views that are accessed through #8092, bucket credentials will be validated for the buckets that have the views.
  • **: Multiple bucket passwords can be passed to authenticate to each password-protected bucket.
  • ***: If a bucket is not protected with a password, a non-defined user role (none) can execute queries and read indexes.
  • ****: The Bucket Administrator can perform all administrative actions that require read/write access to a specific bucket except for creating that bucket.
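
The matrix in Table 1 can drive a least-privilege review of role assignments. The following Python is an added example, not part of the Couchbase documentation or tooling: it encodes the Configuration column of Table 1, ignores per-bucket scoping and the footnotes, and reports administrators whose duties a narrower fixed role would cover. The resource keys, user IDs and duties are constructed for illustration.

```python
# Table 1, "Configuration" column, encoded as data. Resource keys are shorthand
# chosen for this example, not Couchbase identifiers.
RESOURCES = ["cluster", "xdcr_ref", "node", "bucket", "xdcr_stream",
             "index_rest", "index_ui", "view_rest", "view_ui"]

def grants(*levels):
    """Pair each resource, in RESOURCES order, with its set of access letters."""
    return {res: set(lvl) for res, lvl in zip(RESOURCES, levels)}

ROLES = {
    "Full Administrator": grants(*["WRS"] * 9),
    "Read-only Administrator": grants(*["R"] * 9),
    "Cluster Administrator": grants(*["WR"] * 9),
    "Bucket Administrator": grants("", "", "", "WR", "WR", "WR", "", "WR", "WR"),
    "View Administrator": grants("", "", "", "", "", "", "", "WR", "WR"),
    "Replication Administrator": grants("", "WR", "", "", "WR", "", "", "", ""),
}

def covers(role, needs):
    """True if the role grants every (resource, access) pair in needs."""
    return all(access in ROLES[role][res] for res, access in needs)

def excess(role, needs):
    """Number of grants the role carries beyond what the duties require."""
    held = {(res, a) for res, acc in ROLES[role].items() for a in acc}
    return len(held - set(needs))

def least_privileged_role(needs):
    """Covering role with the fewest surplus grants, or None if none covers."""
    candidates = [r for r in ROLES if covers(r, needs)]
    return min(candidates, key=lambda r: excess(r, needs), default=None)

def audit(assignments, duties):
    """List (user, assigned role, suggestion) for each assignment to revisit."""
    findings = []
    for user, role in assignments.items():
        need = duties[user]
        best = least_privileged_role(need)
        # Flag roles that are too narrow, or broader than a covering alternative.
        if not covers(role, need) or excess(best, need) < excess(role, need):
            findings.append((user, role, best))
    return findings

# Constructed sample: LDAP user ids, their duties, and their current roles.
DUTIES = {"xdcr_ops": [("xdcr_ref", "W"), ("xdcr_stream", "W")],
          "view_dev": [("view_rest", "W"), ("view_rest", "R")],
          "monitor": [("cluster", "R"), ("bucket", "R")]}
ASSIGNED = {"xdcr_ops": "Cluster Administrator", "view_dev": "View Administrator",
            "monitor": "Full Administrator"}
```

Calling `audit(ASSIGNED, DUTIES)` returns one tuple per assignment worth revisiting; an assignment that already matches the narrowest covering role produces no finding.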