A newer version of this documentation is available.

View Latest

RBAC User Management

    Couchbase RBAC allows defined users to be assigned roles, which permit access to resources.

    Specifying Names

    Both role-names and user-names are case sensitive.

    Authentication Domains

    Couchbase Server assigns users to different authentication domains, based on whether their definition is local (that is, on Couchbase Server itself) or external (that is, by means of LDAP or PAM).

    For information, see Authentication.

    Creating Users

    Users can be created in the following ways:

    For restrictions on username-design, see Couchbase Passwords.

    Resetting a User Password

    A user’s password can be set in the following ways:

    Note that a default Couchbase password policy is provided: this can be modified by the Full Administrator. See the Couchbase CLI command setting-password-policy.

    For best practices for password-definition, see Couchbase Passwords.

    Viewing Users

    Currently defined users can be viewed in the following ways:

    Granting and Revoking Roles

    Roles can be granted and revoked as follows:

    • Granted: With the N1QL GRANT ROLE statement. See GRANT.

    • Revoked: With the N1QL REVOKE ROLE statement. See REVOKE.