Migration to New User Management
Couchbase Capella uses an improved role-based access control system that changes how users are managed compared with previous versions.
This page helps existing customers understand how role management has changed from Couchbase Cloud to Couchbase Capella and how this migration affects user management in their organizations.
There are now four organization roles and you can assign users multiple roles. Legacy organization roles have been mapped to the Capella organization roles in the following way:
|Legacy Organization Role||Current Organization Role|
For more information on organization roles, see:
There are now five project roles available:
As with organization roles, you can assign multiple roles to project members to create more specific access profiles.
For example, if you wanted to provide a user with access that allows them to edit a cluster's configuration and read/write data, you would assign them the Cluster Manager and Cluster Data Reader/Writer roles.
In some cases, you may need to re-add users to projects where there is no clear mapping of legacy project roles to project roles in Capella.
For more information on project roles, see:
Database users have been replaced with database credentials. The ability to create database credentials and access data using the Capella UI is automatically managed by Capella and is based on roles.
Database credentials provide programmatic and application-level access to data and are now completely independent of users.
Only users with the Project Owner role can create database credentials.
The controls to view and create database credentials are now accessible from within each cluster, under the Connect tab, by clicking Manage Credentials.
If you used database users to access cluster data, you will find that this no longer works. To regain access, you must have the appropriate role. If you do not have it, work with your administrator to be assigned the appropriate role for the appropriate project.
Access to data is controlled at the project level, so you can do this by creating a unique project for each cluster you want to control access to and assigning user roles based on those needs.
Controlling access to a specific bucket or set of buckets in the Capella UI is not possible at this time. If you need to grant access to only specific buckets, consider creating database credentials with the necessary access and using these to access data outside of the Couchbase Capella UI, such as through one of the Couchbase SDKs.
For more information on database credentials and how to create them, see: