A newer version of this documentation is available.

RBAC User Management

Couchbase RBAC allows defined users to be assigned roles, which permit access to resources.

Specifying Names

Both role-names and user-names are case sensitive.

Authentication Domains

Couchbase Server assigns users to different authentication domains, based on whether their definition is local (that is, on Couchbase Server itself) or external (that is, by means of LDAP or PAM).

For information, see Authentication.

Creating Users

Users can be created in the following ways:

With the Couchbase Web Console: See Creating and Managing Users with the UI.
By means of the Couchbase CLI command user-manage.

For restrictions on username-design, see Couchbase Passwords.

Resetting a User Password

A user’s password can be set in the following ways:

With the Couchbase Web Console. See Creating and Managing Users with the UI.
By means of the Couchbase CLI command user-manage.

Note that a default Couchbase password policy is provided: this can be modified by the Full Administrator. See the Couchbase CLI command setting-password-policy.

For best practices for password-definition, see Couchbase Passwords.

Viewing Users

Currently defined users can be viewed in the following ways:

With the Couchbase Web Console. See Creating and Managing Users with the UI.

Granting and Revoking Roles

Roles can be granted and revoked as follows:

Granted: With the N1QL GRANT ROLE statement. See GRANT.
Revoked: With the N1QL REVOKE ROLE statement. See REVOKE.