Sample Code

The .NET SDK now lets you create users, assign them roles and associated privileges, and remove them from the system.

User-Management APIs

Users who have been assigned the Admin role for the cluster are able to create, edit, and remove users. The .NET SDK provides APIs to support these activities. A high-level summary of the APIs can be found in User-Management.

.NET User-Management Example

The following code-example demonstrates how the user-management APIs can be used. It assumes that Couchbase Server is established on localhost; that the Full Administrator username and password are Administrator and password respectively; and that the travel-sample bucket is installed. For information on installing the travel-sample bucket, see Sample Buckets.

Use of the Full Administrator username and password gives an application complete access to all resources within the Couchbase Server-environment: use of the Full Administrator username and password may therefore be useful during code-development. However, for production purposes, the Full Administrator username and password should only be used when absolutely essential: in all other circumstances, the specified username and password should correspond to some lesser role, which appropriately delimits access to server-resources. Creation of such a role, and the establishment of its associated username and password, is demonstrated in the following code-example.
using System;
using System.Collections.Generic;
using System.Linq;
using Couchbase;
using Couchbase.Configuration.Client;
using Couchbase.Management;
using Couchbase.N1QL;

namespace UserManagementExample
{
    class Program
    {
        static void Main(string[] args)
        {
            // Access the cluster that is running on the local host, authenticating with
            // the username and password of the Full Administrator. This
            // provides all privileges.
            var cluster = new Cluster(new ClientConfiguration
            {
                Servers = new List<Uri>
                {
                    new Uri("http://localhost:8091")
                }
            });

            Console.WriteLine("Authenticating as administrator.");
            cluster.Authenticate("Administrator", "password");

            // Create a user and assign roles.
            cluster.CreateManager()
                .UpsertUser("cbtestuser", "cbtestuserpwd", "cbtestuser",

                    // Roles required for the reading of data from
                    // the bucket.
                    new Role {Name = "data_reader", BucketName = "travel-sample"},
                    new Role {Name = "query_select", BucketName = "travel-sample"},

                    // Roles required for the writing of data into
                    // the bucket.
                    new Role {Name = "data_writer", BucketName = "travel-sample"},
                    new Role {Name = "query_insert", BucketName = "travel-sample"},
                    new Role {Name = "query_delete", BucketName = "travel-sample"},

                    // Role required for the creation of indexes
                    // on the bucket.
                    new Role {Name = "query_manage_index", BucketName = "travel-sample"}
            );

            // List current users.
            Console.WriteLine("Listing current users.");
            var listOfUsers = cluster.CreateManager().GetUsers().Value;

            var ofUsers = listOfUsers as User[] ?? listOfUsers.ToArray();
            for (var j = 0; j < ofUsers.Count(); j++)
            {
                var currentUser = ofUsers[j];

                Console.WriteLine(Environment.NewLine + "USER #" + j + ": "
                        + Environment.NewLine);

                Console.WriteLine("User's name is: " + currentUser.Name);
                Console.WriteLine("User's domain is: " + currentUser.Domain);

                var currentRoles = currentUser.Roles.ToArray();
                var arraySize = currentRoles.Length;

                for (var i = 0; i < arraySize; i++)
                {
                    Console.WriteLine("User has the role: " + currentRoles[i].Name
                        + ", applicable to bucket " +
                    currentRoles[i].BucketName);
                }
            }

            // Access the cluster with the username and password assigned by the administrator'
            Console.WriteLine("Authenticating as user." + Environment.NewLine);
            cluster.Authenticate("cbtestuser", "cbtestuserpwd");

            // Open the travel-sample bucket.
            Console.WriteLine("Opening travel-sample bucket as user." + Environment.NewLine);
            var travelSample = cluster.OpenBucket("travel-sample");

            // Create a N1QL Primary Index (but ignore if one already exists).
            travelSample.CreateManager().CreateN1qlPrimaryIndex(false);

            // Read out an existing document within the bucket.
            Console.WriteLine("Reading out airline_10 document");
            var returnedAirline10Doc = travelSample.GetDocument<dynamic>("airline_10");
            Console.WriteLine("Found: " + returnedAirline10Doc.Content);

            // Create a new document.
            Console.WriteLine(Environment.NewLine + "Creating new document as user.");
            var airline11Document = new Document<dynamic>
            {
                Id = "airline_11",
                Content = new
                {
                    callsign = "MILE-AIR",
                    iata = "Q5",
                    icao = "MLA",
                    id = 11,
                    name = "40-Mile Air",
                    type = "airline"
                }
            };

            // Upsert the document to the bucket.
            Console.WriteLine("Upserting new document as user.");
            travelSample.Upsert(airline11Document);

            Console.WriteLine("Reading out airline11Document as user.");
            var returnedAirline11Doc = travelSample.GetDocument<dynamic>("airline_11");
            Console.WriteLine("Found: " + returnedAirline11Doc.Content);

            // Perform a N1QL Query.
            Console.WriteLine("Performing query as user.");
            var returnedValues = "Query-results are: \n\t";

            var result = travelSample.Query<dynamic>(new QueryRequest("SELECT * FROM `travel-sample` LIMIT 5"));
            foreach (var row in result)
            {
                returnedValues = returnedValues + row + Environment.NewLine
                        + Environment.NewLine + '\t';
            }

            Console.WriteLine(returnedValues);

            // Access the cluster that is running on the local host, authenticating with
            // the username and password of the Full Administrator. This
            // provides all privileges.
            Console.WriteLine("Re-authenticating as administrator.");
            cluster.Authenticate("Administrator", "password");

            // Remove known user.
            Console.WriteLine("Removing user as administrator.");
            var userToBeRemoved = "cbtestuser";
            var whetherOrNotUserWasRemoved =
                    cluster.CreateManager().RemoveUser(userToBeRemoved).Success;

            if (!whetherOrNotUserWasRemoved)
            {
                Console.WriteLine("Could not delete user " + userToBeRemoved + ".");
            }
            else
            {
                Console.WriteLine("Deleted user " + userToBeRemoved + ".");
            }

            // Disconnect from the cluster.
            //
            cluster.Dispose();

            Console.Read();
        }
    }
}