A newer version of this documentation is available.

View Latest

Resources Under Access Control

    Couchbase Server applies RBAC to a defined set of resources. The Couchbase Full Administrator can assign a role to a defined user; the role being associated with one ore more privileges either on an individual, named resource; or on all resources within a resource-type group.

    Access-Controlled Resources

    The following Couchbase Server-resources are always access-controlled:

    • Clusters.

    • XDCR Cluster References.

    • Query Service.

    • Analytics Shadow Data Sets.

    • System Catalogs. Including:

      The following diagnostics are provided:

      System Catalogs

      Monitoring Catalogs

      Security Catalogs


      These are only available using REST APIs.
    • Buckets. Note that buckets have three independently access-controllable features, each of which should be considered an individual resource-type:

      • Settings. Includes

        Bucket Type
        Ejection Method
        Conflict Resolution method
        Protocol Port
      • Statistics. Includes ops, gets, sets, and deletes per second. Also includes information on memory-usage, disk-related activity, and status on indexing, querying, and XDCR activity.

      • Data. Includes data and meta-data for all objects within a bucket.

    • XDCR Bucket Replication.

    • Indexes. Including Views, Primary Indexes, Global Secondary Indexes, and Search Indexes.

    • UI Access. Allows login to Couchbase Web Console. The features available are role-dependent.

    • Curl Access. Allows execution of the N1QL CURL function by externally authenticated users.

    • Eventing. Allows configuration and scheduling of the Eventing Service.

    • Pools.