Please use the form below to provide your feedback. Because your feedback is valuable to us, the information you submit in this form is recorded in our issue tracking system (JIRA), which is publicly available. You can track the status of your feedback using the ticket number displayed in the dialog once you submit the form.

CREATE GROUP

  • reference
  • Couchbase Server 8.0
    +
    The CREATE GROUP statement enables you to create a group.

    Purpose

    Use the CREATE GROUP statement to define a new group within the Couchbase Server Role-Based Access Control (RBAC) system. You can specify the group’s name, description, and assign it one or more roles.

    By creating groups, you can organize users and assign roles collectively. When you add users to a group, they automatically inherit the roles assigned to that group.

    RBAC Privileges

    To execute the CREATE GROUP statement, you must have either the Full Admin or the Security Admin role. For more information about user roles, see Authorization.

    Syntax

    create-group ::= 'CREATE' 'GROUP' ( 'IF' 'NOT' 'EXISTS' )? name 
                 ( 'WITH' description )? 
                 ( 'ROLE' rbac-role | 'ROLES' rbac-role ( ',' rbac-role )* | 'NO' 'ROLES' )
    Syntax diagram: refer to source code listing
    name

    (Required) The unique identifier for the new group.
    description

    (Optional) A quoted string containing the description for the group.
    rbac-role

    (Required) Add Roles

    When creating a group, you can grant roles to them using one of the following options: ROLE, ROLES, or NO ROLES. You can specify only one of these options per statement.

    • ROLE assigns a single role to the group.

    • ROLES assigns multiple roles to group (the names must be separated by commas).

    • NO ROLES creates a group with no roles assigned. This option has no effect during group creation.

    IF NOT EXISTS Clause

    The optional IF NOT EXISTS clause enables the statement to complete successfully when the specified group already exists. If a group with the same name already exists, then:

    • If this clause is not present, an error is generated.

    • If this clause is present, the statement does nothing and completes without error.

    Add Roles

    rbac-role ::= role ( 'ON' keyspace-ref )?
    Syntax diagram: refer to source code listing
    role

    One of the RBAC role names predefined by Couchbase Server.

    For the following roles, you can use their short forms as well:

    • query_selectselect

    • query_insertinsert

    • query_updateupdate

    • query_deletedelete
    keyspace-ref

    Keyspace Reference

    Keyspace Reference

    keyspace-ref ::= keyspace-path | keyspace-partial
    Syntax diagram: refer to source code listing 
    keyspace-path ::= ( namespace ':' )? bucket ( '.' scope '.' collection )?
    Syntax diagram: refer to source code listing 
    keyspace-partial ::= collection
    Syntax diagram: refer to source code listing

    Use keyspace reference to specify the target keyspace. For more information about each element, see the Keyspace Reference section in the FROM clause.

    Examples

    Example 1. Create a group sales and assign it the query_select role
    CREATE GROUP sales ROLE query_select ON `travel-sample`.`inventory`.`airline`;
    Example 2. Create a group travelagents and assign it multiple roles
    CREATE GROUP travelagents
WITH "Sample travel agents group"
ROLES data_reader ON `travel-sample`.`inventory`.`airline`,
select ON `travel-sample`.`inventory`.`landmark`;
    Example 3. Create a group support if it does not already exist
    CREATE GROUP IF NOT EXISTS support ROLE query_update
ON `travel-sample`.`inventory`.`airport`;