RBAC
RBAC restricts access to resources on a Couchbase cluster to identified users, according to the roles allocated to them.
Users, Resources, Roles, and Privileges
Couchbase Server Enterprise Edition uses Role-Based Access Control for applications to restrict resources on a Couchbase cluster to an identified user.
Each user who attempts resource-access is identified by means of the credentials they pass to Couchbase Server, for purposes of authentication: these consist of a username and (typically) a password. Once the user is authenticated, an authorization process checks the roles with which the user is associated. If one or more of these roles correspond to privileges that permit the user-requested level of resource-access, access is duly granted; otherwise, it is denied.
Users who have been assigned the Admin role for the cluster are able to create, edit, and remove users. The SDK provides APIs to support these activities.
Introductory examples in the SDK documentation use the Administrator user so that developers can get up and running quickly; the Administrator user should not be used in production. Elsewhere we use a general "user", which represents whichever permission levels are appropriate to your application.
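The authorization decision described above (grant when at least one assigned role carries the requested privilege, otherwise deny), as an added Python sketch that is not Couchbase or SDK code. `admin`, `data_reader` and `data_writer` are Couchbase role names, but the privilege table, users and bucket names are constructed for illustration; the authoritative mapping is in the Roles documentation.

```python
from dataclasses import dataclass

# Constructed, simplified role -> privilege table (assumption, not Couchbase's own).
ROLE_PRIVILEGES = {
    "admin": {("data", "read"), ("data", "write"), ("users", "write")},
    "data_reader": {("data", "read")},
    "data_writer": {("data", "write")},
}

@dataclass(frozen=True)
class Role:
    name: str
    bucket: str = "*"  # "*" means the role applies to every bucket

@dataclass(frozen=True)
class User:
    username: str
    roles: tuple

def is_authorized(user, resource, action, bucket="*"):
    """Grant if any one role carries the privilege in scope; deny by default."""
    for role in user.roles:
        # A role name missing from the table grants nothing.
        privileges = ROLE_PRIVILEGES.get(role.name, set())
        in_scope = role.bucket in ("*", bucket)
        if in_scope and (resource, action) in privileges:
            return True
    return False

def admin_accounts(users):
    """Accounts holding the Admin role, to review before going to production."""
    return sorted(u.username for u in users
                  if any(r.name == "admin" for r in u.roles))

# Constructed sample users: the built-in Administrator and a scoped app user.
USERS = [
    User("Administrator", (Role("admin"),)),
    User("orders_app", (Role("data_reader", "orders"),
                        Role("data_writer", "orders"))),
]

if __name__ == "__main__":
    app = USERS[1]
    print(is_authorized(app, "data", "write", "orders"))    # allowed by data_writer
    print(is_authorized(app, "data", "read", "inventory"))  # role is scoped to "orders"
    print(is_authorized(app, "users", "write"))              # only admin may manage users
    print(admin_accounts(USERS))
```
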
Further Information
All aspects of the Couchbase RBAC system are covered in the section Authorization. Specifically, for information on:
- Adding Users and assigning roles, by means of the Couchbase Web Console, see Manage Users and Roles.
- Roles required for resource-access, and the privileges they entail, see Roles.
- Resources controlled by Couchbase RBAC, see Resources Under Access Control.