Sample Code

The .NET SDK now lets you create users, assign them roles and associated privileges, and remove them from the system.

User-Management APIs

Users who have been assigned the Admin role for the cluster are able to create, edit, and remove users. The .NET SDK provides APIs to support these activities. A high-level summary of the APIs can be found in User-Management.

.NET User-Management Example

The following code-example demonstrates how the user-management APIs can be used. It assumes that Couchbase Server is established on localhost; that the Full Administrator username and password are Administrator and password respectively; and that the travel-sample bucket is installed. For information on installing the travel-sample bucket, see Install Sample Buckets.

Use of the Full Administrator username and password gives an application complete access to all resources within the Couchbase Server-environment: use of the Full Administrator username and password may therefore be useful during code-development. However, for production purposes, the Full Administrator username and password should only be used when absolutely essential: in all other circumstances, the specified username and password should correspond to some lesser role, which appropriately delimits access to server-resources. Creation of such a role, and the establishment of its associated username and password, is demonstrated in the following code-example.
using System;
using System.Collections.Generic;
using System.Linq;
using Couchbase;
using Couchbase.Configuration.Client;
using Couchbase.Management;
using Couchbase.N1QL;

namespace UserManagementExample
    class Program
        static void Main(string[] args)
            // Access the cluster that is running on the local host, authenticating with
            // the username and password of the Full Administrator. This
            // provides all privileges.
            var cluster = new Cluster(new ClientConfiguration
                Servers = new List<Uri>
                    new Uri("http://localhost:8091")

            Console.WriteLine("Authenticating as administrator.");
            cluster.Authenticate("Administrator", "password");

            // Create a user and assign roles.
                .UpsertUser("cbtestuser", "cbtestuserpwd", "cbtestuser",

                    // Roles required for the reading of data from
                    // the bucket.
                    new Role {Name = "data_reader", BucketName = "travel-sample"},
                    new Role {Name = "query_select", BucketName = "travel-sample"},

                    // Roles required for the writing of data into
                    // the bucket.
                    new Role {Name = "data_writer", BucketName = "travel-sample"},
                    new Role {Name = "query_insert", BucketName = "travel-sample"},
                    new Role {Name = "query_delete", BucketName = "travel-sample"},

                    // Role required for the creation of indexes
                    // on the bucket.
                    new Role {Name = "query_manage_index", BucketName = "travel-sample"}

            // List current users.
            Console.WriteLine("Listing current users.");
            var listOfUsers = cluster.CreateManager().GetUsers().Value;

            var ofUsers = listOfUsers as User[] ?? listOfUsers.ToArray();
            for (var j = 0; j < ofUsers.Count(); j++)
                var currentUser = ofUsers[j];

                Console.WriteLine(Environment.NewLine + "USER #" + j + ": "
                        + Environment.NewLine);

                Console.WriteLine("User's name is: " + currentUser.Name);
                Console.WriteLine("User's domain is: " + currentUser.Domain);

                var currentRoles = currentUser.Roles.ToArray();
                var arraySize = currentRoles.Length;

                for (var i = 0; i < arraySize; i++)
                    Console.WriteLine("User has the role: " + currentRoles[i].Name
                        + ", applicable to bucket " +

            // Access the cluster with the username and password assigned by the administrator'
            Console.WriteLine("Authenticating as user." + Environment.NewLine);
            cluster.Authenticate("cbtestuser", "cbtestuserpwd");

            // Open the travel-sample bucket.
            Console.WriteLine("Opening travel-sample bucket as user." + Environment.NewLine);
            var travelSample = cluster.OpenBucket("travel-sample");

            // Create a N1QL Primary Index (but ignore if one already exists).

            // Read out an existing document within the bucket.
            Console.WriteLine("Reading out airline_10 document");
            var returnedAirline10Doc = travelSample.GetDocument<dynamic>("airline_10");
            Console.WriteLine("Found: " + returnedAirline10Doc.Content);

            // Create a new document.
            Console.WriteLine(Environment.NewLine + "Creating new document as user.");
            var airline11Document = new Document<dynamic>
                Id = "airline_11",
                Content = new
                    callsign = "MILE-AIR",
                    iata = "Q5",
                    icao = "MLA",
                    id = 11,
                    name = "40-Mile Air",
                    type = "airline"

            // Upsert the document to the bucket.
            Console.WriteLine("Upserting new document as user.");

            Console.WriteLine("Reading out airline11Document as user.");
            var returnedAirline11Doc = travelSample.GetDocument<dynamic>("airline_11");
            Console.WriteLine("Found: " + returnedAirline11Doc.Content);

            // Perform a N1QL Query.
            Console.WriteLine("Performing query as user.");
            var returnedValues = "Query-results are: \n\t";

            var result = travelSample.Query<dynamic>(new QueryRequest("SELECT * FROM `travel-sample` LIMIT 5"));
            foreach (var row in result)
                returnedValues = returnedValues + row + Environment.NewLine
                        + Environment.NewLine + '\t';


            // Access the cluster that is running on the local host, authenticating with
            // the username and password of the Full Administrator. This
            // provides all privileges.
            Console.WriteLine("Re-authenticating as administrator.");
            cluster.Authenticate("Administrator", "password");

            // Remove known user.
            Console.WriteLine("Removing user as administrator.");
            var userToBeRemoved = "cbtestuser";
            var whetherOrNotUserWasRemoved =

            if (!whetherOrNotUserWasRemoved)
                Console.WriteLine("Could not delete user " + userToBeRemoved + ".");
                Console.WriteLine("Deleted user " + userToBeRemoved + ".");

            // Disconnect from the cluster.