Project Roles

Project roles are used to grant privileges to project members.

Each project member is assigned one or more project roles that determine their privileges within the project. Project roles are separate from organization roles, which grant overall privileges to Couchbase Capella. Project roles control who can create database credentials and their level of access to cluster data.

The following table describes the available project roles and their associated privileges.

Table 1. Project Roles
Role	Description
`Project Owner`	Provides complete cluster-management access. Users with this role can access data within any cluster in a project. It includes the following privileges: Create and manage clusters Edit cluster configurations and settings Manage cluster services, including cluster scaling Manage replications Manage backups Restore from backups Configure allowed IP addresses Create and manage buckets Create and manage database credentials for all clusters in the project Access data within any cluster in the project Manage project members and their roles Delete the project A user with the `Organization Owner` role automatically has `Project Owner` privileges for all projects in the organization.
`Cluster Manager`	Provides access to management actions for all clusters in a project. This role can create and delete clusters but does not provide access to data. It includes the following privileges within the project: Create and manage clusters Edit cluster configurations and settings Manage cluster services, including cluster scaling Configure allowed IP addresses Create and manage buckets
`Cluster Viewer`	Provides read-only access to view all clusters in a project. This role does not provide access to data. It includes the following privileges within the project: View all clusters in the project View cluster activity, statistics, and logs View cluster configuration details and settings View allowed IP addresses View buckets View database credentials and their permissions View cluster certificates View database credentials for the clusters in the project View members of the project and their roles View project activity
`Cluster Data Reader`	Provides read-only access to view data within any cluster in a project. This role allows use of tools like Query Workbench to read data but can’t modify or write data. It includes the following privileges within the project: View all clusters in the project View cluster activity, statistics, and logs View cluster configuration details and settings View allowed IP addresses View database credentials and their permissions View cluster certificates View database credentials for the clusters in the project View members of the project and their roles View project activity Read data within any cluster in the project
`Cluster Data Reader/Writer`	Provides read and write access to data within any cluster in a project. It includes the following privileges within the project: View all clusters in the project View cluster activity, statistics, and logs View cluster configuration details and settings View allowed IP addresses View database credentials and their permissions View cluster certificates View database credentials for the clusters in the project View members of the project and their roles View project activity Read and write data within any cluster in the project