Organization, Project, and Database Access Overview
Couchbase Capella is organized into organizations and projects, each of which has its own user roles.
Couchbase Capella uses an organizational hierarchy to help you keep all of your data organized and securely accessible. The entity at the top of the hierarchy is called an organization. Everything you do in Couchbase Capella — whether it’s creating a cluster or managing billing — happens within the scope of an organization.
Within organizations are projects. Projects help you to organize and manage groups of Couchbase clusters. For example, you could use projects to create separate environments for production and development or group clusters by application.
To be a member of an organization, you need a Couchbase Capella user account. If you accept an invitation from an organization to create an account, you join that organization. If you create a user account without being invited to an existing organization, you will need to create a new organization.
Users added to an organization are assigned one or more organization roles. Organization roles control the privileges those users have within the organization. These privileges control if a user can do things like creating clouds or managing projects.
For more information on the different organization roles that are available, see Organization Roles.
Users have access to clusters within a project only when they’ve been added as a project member and assigned one or more project roles. Project roles determine the privileges users have within the scope of the project. These privileges determine whether a project member can do things like create database credentials, create and manage clusters in the project, or only view and monitor clusters.
For more information on the different project roles that are available, see Project Roles.
Programmatic and application-level access to data is managed using database credentials.
Only those project members with the
Project Owner role can create database credentials.
Capella automatically controls access to data within the Capella UI using roles.
For example, if a user only holds the
Project manager role in a project, they can’t use the data tools in the Capella UI due to the limitations of that project role.
However, if that user is also given the
Cluster Data Reader/Writer project role in the same project, they can use the Capella data tools to access and modify data.
To see the level of database access each project role provides, see Project Roles.