Please use the form below to provide your feedback. Because your feedback is valuable to us, the information you submit in this form is recorded in our issue tracking system (JIRA), which is publicly available. You can track the status of your feedback using the ticket number displayed in the dialog once you submit the form.

User Management

    March 23, 2025
    + 12
    The Go SDK lets you create users, assign them roles and associated privileges, and remove them from the system.

    User-Management APIs

    Users who have been assigned the Admin role for the cluster are able to create, edit, and remove users. The Go SDK provides APIs to support these activities. A high-level summary of the APIs can be found in User-Management, and details of all options in the UserManager API docs.

    Using the UserManager API

    The most common uses of the UserManager API are creating and listing users:

    Creating Users
    golang
    ViewCopy
    	userMgr := cluster.Users()
	user := gocb.User{
		Username:    username,
		DisplayName: "My Displayname",
		Roles: []gocb.Role{
			// Roles required for the reading of data from the bucket
			{
				Name:   "data_reader",
				Bucket: "*",
			},
			{
				Name:   "query_select",
				Bucket: "*",
			},
			// Roles required for the writing of data into the bucket.
			{
				Name:   "data_writer",
				Bucket: bucketName,
			},
			{
				Name:   "query_insert",
				Bucket: bucketName,
			},
			{
				Name:   "query_delete",
				Bucket: bucketName,
			},
			// Role required for the creation of indexes on the bucket.
			{
				Name:   "query_manage_index",
				Bucket: bucketName,
			},
		},
		Password: password,
	}

	err = userMgr.UpsertUser(user, nil)
	if err != nil {
		panic(err)
	}
    Listing Users
    golang
    ViewCopy
    	users, err := userMgr.GetAllUsers(&gocb.GetAllUsersOptions{})
	if err != nil {
		panic(err)
	}

	for _, u := range users {
		fmt.Printf("User's display name is: %s\n", u.DisplayName)
		roles := u.Roles
		for _, r := range roles {
			fmt.Printf("	User has the role %s, applicable to bucket %s\n", r.Name, r.Bucket)
		}
	}

    Using a user created in the SDK to access data:

    golang
    ViewCopy
    	opts := gocb.ClusterOptions{
		Authenticator: gocb.PasswordAuthenticator{
			Username: username,
			Password: password,
		},
	}
	cluster, err := gocb.Connect(connString, opts)
	if err != nil {
		panic(err)
	}
	// For Server versions 6.5 or later you do not need to open a bucket here
	bucket := cluster.Bucket(bucketName)
	collection := bucket.Scope("inventory").Collection("airline")

	err = cluster.QueryIndexes().CreatePrimaryIndex(bucketName, &gocb.CreatePrimaryQueryIndexOptions{
		IgnoreIfExists: true,
	})
	if err != nil {
		panic(err)
	}

	airline10, err := collection.Get("airline_10", nil)
	if err != nil {
		panic(err)
	}

	var airline interface{}
	err = airline10.Content(&airline)
	if err != nil {
		panic(err)
	}

	fmt.Printf("Airline 10: %v\n", airline)

	airline11 := map[string]interface{}{
		"callsign": "MILE-AIR",
		"iata":     "Q5",
		"id":       11,
		"name":     "40-Mile Air",
		"type":     "airline",
	}
	_, err = collection.Upsert("airline_11", airline11, nil)
	if err != nil {
		panic(err)
	}

	queryRes, err := cluster.Query("SELECT * FROM `travel-sample`.inventory.airline LIMIT 5", nil)
	if err != nil {
		panic(err)
	}

	for queryRes.Next() {
		var queryData interface{}
		err = queryRes.Row(&queryData)
		if err != nil {
			panic(err)
		}

		fmt.Printf("Query row: %v\n", queryData)
	}

	cluster.Close(nil)

    From SDK 2.6, you can also perform password rotation on the currently authenticated user without the need for elevated permissions.

    The SDK instance becomes invalidated after changing the user’s password, so you need to re-authenticate your SDK client with the new password. If you don’t, you will start to see authentication errors. 
    golang
    ViewCopy
    	opts := gocb.ClusterOptions{
		Authenticator: gocb.PasswordAuthenticator{
			Username: "Administrator",
			Password: "password",
		},
	}
	cluster, err := gocb.Connect("localhost", opts)
	if err != nil {
		panic(err)
	}

	bucket := cluster.Bucket("travel-sample")
	collection := bucket.Scope("inventory").Collection("airline")

	// Change the current user's password.
	userMgr := cluster.Users()

	newPassword := "newpassword"
	if err := userMgr.ChangePassword(newPassword, &gocb.ChangePasswordOptions{}); err != nil {
		panic(err)
	}

	// Reconnect your client
	opts = gocb.ClusterOptions{
		Authenticator: gocb.PasswordAuthenticator{
			Username: "Administrator",
			// Use the new password
			Password: newPassword,
		},
	}
	cluster, err = gocb.Connect("localhost", opts)
	if err != nil {
		panic(err)
	}
	fmt.Println("Successfully changed the user's password")

	// Perform an operation with the newly authenticated user
	_, err = collection.Get("airline_10", nil)
	if err != nil {
		panic(err)
	}

    Further Reading

    The SDK also contains management APIs for dealing with Cluster resources.