Sample Code

The Node.js SDK now lets you create users, assign them roles and associated privileges, and remove them from the system.

User-Management APIs

Users who have been assigned the Admin role for the cluster are able to create, edit, and remove users. The Node.js SDK provides APIs to support these activities. A high-level summary of the APIs can be found in User-Management.

Node.js User-Management Example

The following code-example demonstrates how the user-management APIs can be used. It involves setting roles only available in the Enterprise Edition. For Community Edition, adjust roles accordingly.

It assumes that Couchbase Server is established on localhost; that the Full Administrator username and password are Administrator and password respectively; and that the travel-sample bucket is installed. For information on installing the travel-sample bucket, see Install Sample Buckets.

Use of the Full Administrator username and password gives an application complete access to all resources within the Couchbase Server-environment: use of the Full Administrator username and password may therefore be useful during code-development. However, for production purposes, the Full Administrator username and password should only be used when absolutely essential: in all other circumstances, the specified username and password should correspond to some lesser role, which appropriately delimits access to server-resources. Creation of such a role, and the establishment of its associated username and password, is demonstrated in the following code-example.
'use strict';

var couchbase = require('couchbase');

// Access the cluster that is running on the local host, authenticating with
// the username and password of the Full Administrator. This
// provides all privileges.
var cluster = new couchbase.Cluster('couchbase://localhost');

console.log('Authenticating as administrator.');
cluster.authenticate('Administrator', 'password');

// Create a user and assign roles.
console.log('Upserting new user');
cluster.manager().upsertUser('localhost', 'cbtestuser', {
    password: 'cbtestuserpwd',
    roles: [

        // Roles required for the reading of data from the bucket.
        {role: 'data_reader', bucket_name: 'travel-sample'},
        {role: 'query_select', bucket_name: 'travel-sample'},

        // Roles required for the writing of data into the bucket.
        {role: 'data_writer', bucket_name: 'travel-sample'},
        {role: 'query_insert', bucket_name: 'travel-sample'},
        {role: 'query_delete', bucket_name: 'travel-sample'},

        // Role require for the creation of indexes on the bucket.
        {role: 'query_manage_index', bucket_name: 'travel-sample'}
    ]
}, function(err) {
    if (err) {
        throw err;
    }

    // List current users.
    cluster.manager().getUsers(function(err, users) {
        if (err) {
            throw err;
        }

        for(var i = 0; i < users.length; ++i) {
            var user = users[i];

            console.log();
            console.log('USER #' + i + ':');

            if (users.hasOwnProperty('name')) {
            console.log('Users name is: ' + user.name);
            }

            console.log('Users id is: ' + user.id);
            console.log('Users domain is: ' + user.domain);
            console.log();
        }

        // Access the cluster that is running on the local host, specifying
        // the username and password already assigned by the administrator
        cluster.authenticate('cbtestuser', 'cbtestuserpwd');

        // Open a known, existing bucket (created by the administrator).
        console.log('Opening travel-sample bucket as user.');
        var travelSample = cluster.openBucket('travel-sample');

        // Create a N1QL Primary Index (but ignore if one already exists).
        travelSample.manager().createPrimaryIndex({
            ignoreIfExists: true
        }, function(err) {
            if (err) {
                throw err;
            }

            // Read out a known, existing document within the bucket (created
            // by the administrator).
            console.log('Reading out airline_10 document.');
            travelSample.get('airline_10', function(err, res) {
                if (err) {
                    throw err;
                }

                console.log('Found:');
                console.log(res);

                // Create a new document
                console.log('Creating new document as user.');
                var airline11Object = {
                    callsign: 'MILE-AIR',
                    iata: 'Q5',
                    icao: 'MLA',
                    id: 11,
                    name: '40-Mile Air',
                    type: 'airline'
                };

                // Upsert the document to the bucket.
                console.log('Upserting new document as user.');
                travelSample.upsert('airline_11', airline11Object, function(err) {
                    if (err) {
                        throw err;
                    }

                    console.log('Reading out airline11Document as user.');
                    travelSample.get('airline_11', function(err, res) {
                        if (err) {
                            throw err;
                        }

                        console.log('Found:');
                        console.log(res);

                        console.log('Performing query as user.');

                        travelSample.query(couchbase.N1qlQuery.fromString(
                            'SELECT * FROM `travel-sample` LIMIT 5'), function(err, rows) {
                                if (err) {
                                    throw err;
                                }

                            console.log('Query results are:');
                            for (var i = 0; i < rows.length; ++i) {
                                console.log(rows[i]);
                            }

                            // Access the cluster that is running on the local host,
                            // authenticating with the username and password of the Full
                            // Administrator. This provides all privileges.
                            console.log('Re-authenticating as administrator.');
                            cluster.authenticate('Administrator', 'password');

                            // Remove known user.
                            console.log('Removing user as administrator.');
                            var userToBeRemoved = 'cbtestuser';
                            cluster.manager().removeUser(userToBeRemoved, function(err) {
                                if (err) {
                                    console.log('Could not delete user ' + userToBeRemoved);
                                    throw err;
                                }

                                console.log('Deleted user ' + userToBeRemoved);

                                process.exit(0);
                            });
                        });
                    });
                });
            });
        });
    });
});