GRANT

    +
    The GRANT statement allows granting any RBAC roles to a specific user.

    Roles can be of the following two types:

    simple

    Roles which apply generically to all buckets/resources in the cluster.

    For example: ClusterAdmin or BucketAdmin

    parameterized by a bucket

    Roles which are defined for the scope of the specified bucket only. The bucket name is specified after ON.

    For example: BucketReader ON `travel-sample`

    or Query_Select ON `travel-sample`

    Only Full Administrators can run the GRANT statement. For more details about user roles, see Authorization.

    Syntax

    GRANT role1   [, role2, ...]
       ON bucket1 [, bucket2, ...]
       TO user1   [, user2, ...];
    role

    RBAC-role[(bucket_name)]

    RBAC-role is one of the RBAC role names predefined by Couchbase Server.

    RBAC-user is the user name created by the Couchbase Server RBAC system.

    The following roles have short forms that can be used as well:

    • query_select → select

    • query_insert → insert

    • query_update → update

    • query_delete → delete

    bucket

    The name of your Couchbase or Memcached bucket or buckets.

    user

    RBAC-user in your bucket.

    GRANT statements support legacy systems and have two forms:

    1. Unparameterized Roles
    GRANT Replication Admin, Query External Access
       TO cchaplan, jgleason;
    
    GRANT replication_admin, query_external_access
       TO cchaplan, jgleason;
    2. Parameterized Roles
    GRANT Query Select, Views Admin
       ON orders, customers
       TO bill, linda;
    
    GRANT query_select, views_admin
       ON orders, customers
       TO bill, linda;
    Mixing of parameterized and unparameterized roles or syntax is not allowed and will create an error.

    Example 1: Grant the role of Cluster Administrator to three people.

    GRANT ClusterAdmin TO david, michael, robin;

    Example 2: Grant the roles of Cluster Administrator and Bucket Reader in the Travel Sample bucket to Debby.

    GRANT ClusterAdmin, BucketReader ON `travel-sample` TO debby;