A newer version of this documentation is available.

View Latest

Resources Under Access Control

      Couchbase Server applies RBAC to a defined set of resources. The Couchbase Full Administrator can assign a role to a defined user; the role being associated with one ore more privileges either on an individual, named resource; or on all resources within a resource-type group.

      Access-Controlled Resources

      The following Couchbase Server-resources are always access-controlled:

      • Clusters.

      • XDCR Cluster References.

      • Query Service.

      • Analytics Shadow Data Sets.

      • System Catalogs. Including:

        The following diagnostics are provided:

        System Catalogs

        Monitoring Catalogs

        Security Catalogs


        These are only available using REST APIs.
      • Buckets. Note that buckets have three independently access-controllable features, each of which should be considered an individual resource-type:

        • Settings. Includes

          Bucket Type
          Ejection Method
          Conflict Resolution method
          Protocol Port
        • Statistics. Includes ops, gets, sets, and deletes per second. Also includes information on memory-usage, disk-related activity, and status on indexing, querying, and XDCR activity.

        • Data. Includes data and meta-data for all objects within a bucket.

      • XDCR Bucket Replication.

      • Indexes. Including Views, Primary Indexes, Global Secondary Indexes, and Search Indexes.

      • UI Access. Allows login to Couchbase Web Console. The features available are role-dependent.

      • Curl Access. Allows execution of the N1QL CURL function by externally authenticated users.

      • Eventing. Allows configuration and scheduling of the Eventing Service.

      • Pools.