ALTER GROUP

The ALTER GROUP statement enables you to update an existing group.

Purpose

Use the ALTER GROUP statement to modify an existing group within the Couchbase Server Role-Based Access Control (RBAC) system. You can update the group’s description and its roles. You can either add new roles or remove all the existing ones. When you update a role for a group, all users in the group inherit the updated permissions automatically.

When you specify roles with ROLE or ROLES, the ALTER GROUP statement replaces the group’s existing role assignments with the ones you provide. It updates the entire role list, so any existing roles not included in the new list are removed. To add or remove specific roles without affecting the others, use the GRANT and REVOKE statements instead.

Prerequisites

To execute this statement in the Capella UI, you must have one of the following roles:

You cannot execute this statement using cluster access credentials.

Syntax

alter-group ::= 'ALTER' 'GROUP' name ( 'WITH' description )? 
                ( 'ROLE' rbac-role | 'ROLES' rbac-role (',' rbac-role )* | 'NO' 'ROLES' )?
name

(Required) The unique identifier of the group you want to update.

description

(Optional) A quoted string containing the updated description for the group.

rbac-role

(Optional) Update Roles

When altering a group, you can update its roles using one of the following options: ROLE, ROLES, or NO ROLES. You can specify only one of these options per statement.

  • ROLE assigns a single role to the group.

  • ROLES assigns multiple roles to the group (the names must be separated by commas).

  • NO ROLES removes all roles from the group.

Update Roles

rbac-role ::= role ( 'ON' keyspace-ref )?
role

One of the RBAC role names predefined by Couchbase Server.

The following roles have short forms that can be used as well:

  • query_select → select

  • query_insert → insert

  • query_update → update

  • query_delete → delete

keyspace-ref

Keyspace Reference

keyspace-ref ::= keyspace-path | keyspace-partial
keyspace-path ::= ( namespace ':' )? bucket ( '.' scope '.' collection )?
keyspace-partial ::= collection

Use keyspace reference to specify the target for the update. For more information about each element, see the Keyspace Reference section in the FROM clause.

Examples

Example 1. Alter a group and update its description

ALTER GROUP support WITH "Support team for customer queries";

Example 2. Alter a group and add new roles

ALTER GROUP support
ROLES
query_select ON `travel-sample`.`inventory`.`airline`,
query_insert ON `travel-sample`.`inventory`.`airline`;

Example 3. Alter a group and remove all roles

ALTER GROUP support NO ROLES WITH "Currently unused group";
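
The replace semantics described under Purpose are easy to miss in change review: a statement like Example 2 drops every role it does not list. The following Python is an added example, not part of the Couchbase documentation. It parses a statement per the grammar on this page and reports which of a group's current roles would be removed. The function names are hypothetical, the current role list is constructed sample data, and quoted descriptions are assumed to contain no embedded double quotes.

```python
import re

# Short forms listed on this page, mapped to the full role names.
SHORT_FORMS = {"select": "query_select", "insert": "query_insert",
               "update": "query_update", "delete": "query_delete"}

# WITH is stripped anywhere: Example 3 on the page puts it after NO ROLES.
_WITH = re.compile(r'\bWITH\s+"[^"]*"', re.I)
_HEAD = re.compile(r'^\s*ALTER\s+GROUP\s+(`[^`]+`|\w+)\s*', re.I)
_NO_ROLES = re.compile(r'^NO\s+ROLES$', re.I)
_ROLE_CLAUSE = re.compile(r'^ROLES?\s+(.+)$', re.I | re.S)


def _normalize(rbac_role):
    """Canonicalize one 'role ( ON keyspace-ref )?' item to (role, keyspace)."""
    parts = re.split(r'\s+ON\s+', rbac_role.strip(), maxsplit=1, flags=re.I)
    role = parts[0].strip().lower()
    keyspace = parts[1].replace("`", "").strip() if len(parts) == 2 else None
    return (SHORT_FORMS.get(role, role), keyspace)


def parse_role_clause(statement):
    """Return None if there is no role clause, else the set of roles assigned."""
    body = statement.strip().rstrip(";")
    head = _HEAD.match(body)
    if not head:
        raise ValueError("not an ALTER GROUP statement")
    rest = _WITH.sub("", body[head.end():]).strip()
    if not rest:
        return None  # description-only change: roles are untouched
    if _NO_ROLES.match(rest):
        return set()
    clause = _ROLE_CLAUSE.match(rest)
    if not clause:
        raise ValueError("unrecognized clause: " + rest)
    return {_normalize(item) for item in clause.group(1).split(",")}


def preview_alter_group(current_roles, statement):
    """Report which roles the statement would remove, add and keep."""
    current = {_normalize(r) for r in current_roles}
    assigned = parse_role_clause(statement)
    assigned = current if assigned is None else assigned
    return {"removed": current - assigned, "added": assigned - current,
            "kept": current & assigned}

# Constructed sample: roles the group holds before the change.
CURRENT = ["query_select ON `travel-sample`.`inventory`.`airline`",
           "query_update ON `travel-sample`.`inventory`.`airline`"]
```

Passing `CURRENT` and the statement from Example 2 to `preview_alter_group` lists `query_update` under `removed`, because the statement does not restate it.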