User Management

      +
      The Go SDK lets you create users, assign them roles and associated privileges, and remove them from the system.

      User-Management APIs

      Users who have been assigned the Admin role for the cluster are able to create, edit, and remove users. The Go SDK provides APIs to support these activities. A high-level summary of the APIs can be found in User-Management, and details of all options in the UserManager API docs.

      Using the UserManager API

      The most common uses of the UserManager API are creating and listing users:

      Creating Users
      	userMgr := cluster.Users()
      	user := gocb.User{
      		Username:    username,
      		DisplayName: "My Displayname",
      		Roles: []gocb.Role{
      			// Roles required for the reading of data from the bucket
      			{
      				Name:   "data_reader",
      				Bucket: "*",
      			},
      			{
      				Name:   "query_select",
      				Bucket: "*",
      			},
      			// Roles required for the writing of data into the bucket.
      			{
      				Name:   "data_writer",
      				Bucket: bucketName,
      			},
      			{
      				Name:   "query_insert",
      				Bucket: bucketName,
      			},
      			{
      				Name:   "query_delete",
      				Bucket: bucketName,
      			},
      			// Role required for the creation of indexes on the bucket.
      			{
      				Name:   "query_manage_index",
      				Bucket: bucketName,
      			},
      		},
      		Password: password,
      	}
      
      	err = userMgr.UpsertUser(user, nil)
      	if err != nil {
      		panic(err)
      	}
      Listing Users
      	users, err := userMgr.GetAllUsers(&gocb.GetAllUsersOptions{})
      	if err != nil {
      		panic(err)
      	}
      
      	for _, u := range users {
      		fmt.Printf("User's display name is: %s\n", u.DisplayName)
      		roles := u.Roles
      		for _, r := range roles {
      			fmt.Printf("	User has the role %s, applicable to bucket %s\n", r.Name, r.Bucket)
      		}
      	}

      Using a user created in the SDK to access data:

      	opts := gocb.ClusterOptions{
      		Authenticator: gocb.PasswordAuthenticator{
      			Username: username,
      			Password: password,
      		},
      	}
      	cluster, err := gocb.Connect(connString, opts)
      	if err != nil {
      		panic(err)
      	}
      	// For Server versions 6.5 or later you do not need to open a bucket here
      	bucket := cluster.Bucket(bucketName)
      	collection := bucket.Scope("inventory").Collection("airline")
      
      	err = cluster.QueryIndexes().CreatePrimaryIndex(bucketName, &gocb.CreatePrimaryQueryIndexOptions{
      		IgnoreIfExists: true,
      	})
      	if err != nil {
      		panic(err)
      	}
      
      	airline10, err := collection.Get("airline_10", nil)
      	if err != nil {
      		panic(err)
      	}
      
      	var airline interface{}
      	err = airline10.Content(&airline)
      	if err != nil {
      		panic(err)
      	}
      
      	fmt.Printf("Airline 10: %v\n", airline)
      
      	airline11 := map[string]interface{}{
      		"callsign": "MILE-AIR",
      		"iata":     "Q5",
      		"id":       11,
      		"name":     "40-Mile Air",
      		"type":     "airline",
      	}
      	_, err = collection.Upsert("airline_11", airline11, nil)
      	if err != nil {
      		panic(err)
      	}
      
      	queryRes, err := cluster.Query("SELECT * FROM `travel-sample`.inventory.airline LIMIT 5", nil)
      	if err != nil {
      		panic(err)
      	}
      
      	for queryRes.Next() {
      		var queryData interface{}
      		err = queryRes.Row(&queryData)
      		if err != nil {
      			panic(err)
      		}
      
      		fmt.Printf("Query row: %v\n", queryData)
      	}
      
      	cluster.Close(nil)

      From SDK 2.6, you can also perform password rotation on the currently authenticated user without the need for elevated permissions.

      The SDK instance becomes invalidated after changing the user’s password, so you need to re-authenticate your SDK client with the new password. If you don’t, you will start to see authentication errors.
      	opts := gocb.ClusterOptions{
      		Authenticator: gocb.PasswordAuthenticator{
      			Username: "Administrator",
      			Password: "password",
      		},
      	}
      	cluster, err := gocb.Connect("localhost", opts)
      	if err != nil {
      		panic(err)
      	}
      
      	bucket := cluster.Bucket("travel-sample")
      	collection := bucket.Scope("inventory").Collection("airline")
      
      	// Change the current user's password.
      	userMgr := cluster.Users()
      
      	newPassword := "newpassword"
      	if err := userMgr.ChangePassword(newPassword, &gocb.ChangePasswordOptions{}); err != nil {
      		panic(err)
      	}
      
      	// Reconnect your client
      	opts = gocb.ClusterOptions{
      		Authenticator: gocb.PasswordAuthenticator{
      			Username: "Administrator",
      			// Use the new password
      			Password: newPassword,
      		},
      	}
      	cluster, err = gocb.Connect("localhost", opts)
      	if err != nil {
      		panic(err)
      	}
      	fmt.Println("Successfully changed the user's password")
      
      	// Perform an operation with the newly authenticated user
      	_, err = collection.Get("airline_10", nil)
      	if err != nil {
      		panic(err)
      	}

      Further Reading

      The SDK also contains management APIs for dealing with Cluster resources.