Please use the form below to provide your feedback. Because your feedback is valuable to us, the information you submit in this form is recorded in our issue tracking system (JIRA), which is publicly available. You can track the status of your feedback using the ticket number displayed in the dialog once you submit the form.

ALTER GROUP

  • reference
  • Couchbase Server 8.0
    +
    The ALTER GROUP statement enables you to update an existing group.

    Purpose

    Use the ALTER GROUP statement to modify an existing group within the Couchbase Server Role-Based Access Control (RBAC) system. You can update the group’s description and its roles. You can either add new roles or remove all the existing ones. When you update a role for a group, all users in the group inherit the updated permissions automatically.

    When you add new roles to a group, the ALTER GROUP statement replaces the group’s existing role assignments with the new ones you provide. It updates the entire role list, so any existing roles not included in the new list will be removed. If you want to add or remove specific roles without affecting the others, use the GRANT and REVOKE statements instead.

    RBAC Privileges

    To execute the ALTER GROUP statement, you must have either the Full Admin or the Security Admin role. For more information about user roles, see Authorization.

    Syntax

    alter-group ::= 'ALTER' 'GROUP' name ( 'WITH' description )? 
                ( 'ROLE' rbac-role | 'ROLES' rbac-role (',' rbac-role )* | 'NO' 'ROLES' )?
    Syntax diagram: refer to source code listing
    name

    (Required) The unique identifier of the group you want to update.
    description

    (Optional) A quoted string containing the updated description for the group.
    rbac-role

    (Optional) Update Roles

    When altering a group, you can update its roles using one of the following options: ROLE, ROLES, or NO ROLES. You can specify only one of these options per statement.

    • ROLE assigns a single role to the group.

    • ROLES assigns multiple roles to group (the names must be separated by commas).

    • NO ROLES removes all roles from the group.

    Update Roles

    rbac-role ::= role ( 'ON' keyspace-ref )?
    Syntax diagram: refer to source code listing
    role

    One of the RBAC role names predefined by Couchbase Server.

    The following roles have short forms that can be used as well:

    • query_selectselect

    • query_insertinsert

    • query_updateupdate

    • query_deletedelete
    keyspace-ref

    Keyspace Reference

    Keyspace Reference

    keyspace-ref ::= keyspace-path | keyspace-partial
    Syntax diagram: refer to source code listing 
    keyspace-path ::= ( namespace ':' )? bucket ( '.' scope '.' collection )?
    Syntax diagram: refer to source code listing 
    keyspace-partial ::= collection
    Syntax diagram: refer to source code listing

    Use keyspace reference to specify the target for the update. For more information about each element, see the Keyspace Reference section in the FROM clause.

    Examples

    Example 1. Alter a group and update its description
    ALTER GROUP support WITH "Support team for customer queries";
    Example 2. Alter a group and add new roles
    ALTER GROUP support
ROLES
query_select ON `travel-sample`.`inventory`.`airline`,
query_insert ON `travel-sample`.`inventory`.`airline`;
    Example 3. Alter a group and remove all roles
    ALTER GROUP support NO ROLES WITH "Currently unused group";