Project Roles

Capella Operational

Project roles are used to grant privileges to project collaborators.

Each project collaborator is assigned one or more project roles that determine their privileges within the project. Project roles are separate from organization roles, which grant overall privileges to Couchbase Capella. Project roles control who can create cluster credentials and their level of access to cluster and App Services data.

List of Project Roles

The following table describes the available project roles and their privileges.

Table 1. Project Roles
Role	Description
`Project Owner`	Provides complete cluster-management and App Services access. Users with this role can access data in any cluster in a project. A Project Owner has the following privileges: Create and manage clusters Edit cluster configurations and settings Manage cluster services, including cluster scaling Manage replications Manage backups Restore from backups Configure allowed IP addresses Create and manage buckets View and manage upgrade maintenance jobs Create and manage cluster credentials for all clusters in the project Access data within any cluster in the project Manage project collaborators and their roles Delete the project A user with the `Organization Owner` role automatically has `Project Owner` privileges for all projects in the organization.
`Cluster Manager`	Provides access to management actions for all clusters and App Services in a project. This role can create and delete clusters but it does not provide access to data. A Cluster Manager has the following privileges for a project: Create and manage clusters Edit cluster configurations and settings Manage cluster services, including cluster scaling Configure allowed IP addresses Create and manage buckets
`Cluster Viewer`	Provides read-only access to view all clusters and App Services in a project. This role does not provide access to data. A Cluster Viewer has the following privileges for a project: View all clusters in the project View cluster activity, statistics, and logs View cluster configuration details and settings View allowed IP addresses View buckets View cluster credentials and their permissions View cluster certificates View cluster credentials for the clusters in the project View members of the project and their roles View project activity
`Data Reader`	Provides read-only access to view data within any cluster in a project. This role allows use of tools like the Query tab to read data but it cannot modify or write data. A Data Reader has the following privileges for a project: View all clusters in the project View cluster activity, statistics, and logs View cluster configuration details and settings View allowed IP addresses View cluster credentials and their permissions View cluster certificates View cluster credentials for the clusters in the project View members of the project and their roles View project activity Read data within any cluster in the project
`Data Writer`	Provides read and write access to data within any cluster in a project. A Data Writer has the following privileges for a project: View all clusters in the project View cluster activity, statistics, and logs View cluster configuration details and settings View allowed IP addresses View cluster credentials and their permissions View cluster certificates View cluster credentials for the clusters in the project View members of the project and their roles View project activity Read and write data within any cluster in the project