Project Roles

Project roles are used to grant privileges to project collaborators.

Each project collaborator is assigned one or more project roles that determine their privileges within the project. Project roles are separate from organization roles, which grant overall privileges to Couchbase Capella. Project roles control who can create database credentials and their level of access to database data.

The following table describes the available project roles and their privileges.

Table 1. Project Roles
Role	Description
`Project Owner`	Provides complete database-management access. Users with this role can access data in any database in a project. A Project Owner has the following privileges: Create and manage databases Edit database configurations and settings Manage database services, including database scaling Manage replications Manage backups Restore from backups Configure allowed IP addresses Create and manage buckets Create and manage database credentials for all databases in the project Access data within any database in the project Manage project collaborators and their roles Delete the project A user with the `Organization Owner` role automatically has `Project Owner` privileges for all projects in the organization.
`Project Manager`	Provides access to management actions for all databases in a project. This role can create and delete databases but doesn’t provide access to data. A Project Manager has the following privileges for a project: Create and manage databases Edit database configurations and settings Manage database services, including database scaling Configure allowed IP addresses Create and manage buckets
`Project Viewer`	Provides read-only access to view all databases in a project. This role doesn’t provide access to data. A Project Viewer has the following privileges for a project: View all databases in the project View database activity, statistics, and logs View database configuration details and settings View allowed IP addresses View buckets View database credentials and their permissions View database certificates View database credentials for the databases in the project View members of the project and their roles View project activity
`Database Data Reader`	Provides read-only access to view data within any database in a project. This role allows use of tools like Query Workbench to read data but can’t modify or write data. A Database Data Reader has the following privileges for a project: View all databases in the project View database activity, statistics, and logs View database configuration details and settings View allowed IP addresses View database credentials and their permissions View database certificates View database credentials for the databases in the project View members of the project and their roles View project activity Read data within any database in the project
`Database Data Reader/Writer`	Provides read and write access to data within any database in a project. A Database Data Reader/Writer has the following privileges for a project: View all databases in the project View database activity, statistics, and logs View database configuration details and settings View allowed IP addresses View database credentials and their permissions View database certificates View database credentials for the databases in the project View members of the project and their roles View project activity Read and write data within any database in the project