A newer version of this documentation is available.

View Latest

Internal Roles

Couchbase Full Administrator can set up the internal role of the Read-Only Administrator.

Setting up of the Read-Only Administrator does not require that LDAP authentication is enabled. Couchbase Full Administrator can create this role using the Couchbase Web Console and REST API.

Read-Only Administrator

The Read-Only Administrator in Couchbase read-only access and cannot make any changes to the system, nor can it access N1QL. The user can only view existing servers, buckets, views and monitor stats.

The Read-Only Administrator can do the following:

  • Cluster Overview

  • Design documents and view definitions but cannot query views.

  • List of XDCR replications and remote clusters.

  • Logged events under the Log tab but the user cannot Generate Diagnostic Report.

  • Settings for a cluster.

The Read-Only Administrator cannot perform these tasks:

  • Create or edit buckets

  • Add nodes to clusters

  • Change XDCR settings

  • Create views or see any stored data.

  • Any REST API calls which require administrator privileges will fail and return an error for this user.

    The server sends an HTTP 401 error if an unauthorized user performs a REST POST or DELETE request that changes cluster, bucket, XDCR, or node settings:

    HTTP/1.1 401 Unauthorized WWW-Authenticate: Basic realm="Couchbase Server Admin / REST"
  • All SDKs require that a client connects with bucket-level credentials. Therefore, the Read-Only Administrator cannot set up a Couchbase SDK to connect to the server.

Add a Read-Only Administrator via UI

To assign the Read-Only Administrator’s role to a user:

  1. Select Security  Internal User/Roles.

    readonly admin
  2. In the dialog box, enter the Read-Only Administrator’s credentials: username and password.

  3. Click on Create to create the user.