Project Roles

      +
      Project roles are used to grant privileges to project collaborators.

      Each project collaborator is assigned one or more project roles that determine their privileges within the project. Project roles are separate from organization roles, which grant overall privileges to Couchbase Capella. Project roles control who can create database credentials and their level of access to database data.

      List of Project Roles

      The following table describes the available project roles and their privileges.

      Table 1. Project Roles
      Role Description

      Project Owner

      Provides complete database-management access. Users with this role can access data in any database in a project.

      A Project Owner has the following privileges:

      • Create and manage databases

        • Edit database configurations and settings

        • Manage database services, including database scaling

        • Manage replications

        • Manage backups

        • Restore from backups

        • Configure allowed IP addresses

        • Create and manage buckets

      • Create and manage database credentials for all databases in the project

      • Access data within any database in the project

      • Manage project collaborators and their roles

      • Delete the project

      A user with the Organization Owner role automatically has Project Owner privileges for all projects in the organization.

      Project Manager

      Provides access to management actions for all databases in a project. This role can create and delete databases but doesn’t provide access to data.

      A Project Manager has the following privileges for a project:

      • Create and manage databases

        • Edit database configurations and settings

        • Manage database services, including database scaling

        • Configure allowed IP addresses

        • Create and manage buckets

      Project Viewer

      Provides read-only access to view all databases in a project. This role doesn’t provide access to data.

      A Project Viewer has the following privileges for a project:

      • View all databases in the project

        • View database activity, statistics, and logs

        • View database configuration details and settings

        • View allowed IP addresses

        • View buckets

        • View database credentials and their permissions

        • View database certificates

      • View database credentials for the databases in the project

      • View members of the project and their roles

      • View project activity

      Database Data Reader

      Provides read-only access to view data within any database in a project. This role allows use of tools like the Query tab to read data but can’t modify or write data.

      A Database Data Reader has the following privileges for a project:

      • View all databases in the project

        • View database activity, statistics, and logs

        • View database configuration details and settings

        • View allowed IP addresses

        • View database credentials and their permissions

        • View database certificates

      • View database credentials for the databases in the project

      • View members of the project and their roles

      • View project activity

      • Read data within any database in the project

      Database Data Reader/Writer

      Provides read and write access to data within any database in a project.

      A Database Data Reader/Writer has the following privileges for a project:

      • View all databases in the project

        • View database activity, statistics, and logs

        • View database configuration details and settings

        • View allowed IP addresses

        • View database credentials and their permissions

        • View database certificates

      • View database credentials for the databases in the project

      • View members of the project and their roles

      • View project activity

      • Read and write data within any database in the project