CREATE GROUP

  • Couchbase Server 8.0
The CREATE GROUP statement enables you to create a group.

Purpose

Use the CREATE GROUP statement to define a new group within the Couchbase Server Role-Based Access Control (RBAC) system. You can specify the group’s name, description, and assign it one or more roles.

By creating groups, you can organize users and assign roles collectively. When you add users to a group, they automatically inherit the roles assigned to that group.

RBAC Privileges

To execute the CREATE GROUP statement, you must have either the Full Admin or the Security Admin role. For more information about user roles, see Authorization.

Syntax

create-group ::= 'CREATE' 'GROUP' ( 'IF' 'NOT' 'EXISTS' )? name 
                 ( 'WITH' description )? 
                 ( 'ROLE' rbac-role | 'ROLES' rbac-role ( ',' rbac-role )* | 'NO' 'ROLES' )
name

(Required) The unique identifier for the new group.

description

(Optional) A quoted string containing the description for the group.

rbac-role

(Required) See Add Roles.

When creating a group, you can grant roles to it using one of the following options: ROLE, ROLES, or NO ROLES. You can specify only one of these options per statement.

  • ROLE assigns a single role to the group.

  • ROLES assigns multiple roles to the group (the names must be separated by commas).

  • NO ROLES creates a group with no roles assigned. This option has no effect during group creation.

IF NOT EXISTS Clause

The optional IF NOT EXISTS clause enables the statement to complete successfully when the specified group already exists. If a group with the same name already exists, then:

  • If this clause is not present, an error is generated.

  • If this clause is present, the statement does nothing and completes without error.

Add Roles

rbac-role ::= role ( 'ON' keyspace-ref )?
role

One of the RBAC role names predefined by Couchbase Server.

For the following roles, you can use their short forms as well:

  • query_select: select

  • query_insert: insert

  • query_update: update

  • query_delete: delete

keyspace-ref

Keyspace Reference

keyspace-ref ::= keyspace-path | keyspace-partial
keyspace-path ::= ( namespace ':' )? bucket ( '.' scope '.' collection )?
keyspace-partial ::= collection

Use a keyspace reference to specify the target keyspace. For more information about each element, see the Keyspace Reference section in the FROM clause.

Examples

Example 1. Create a group sales and assign it the query_select role

CREATE GROUP sales ROLE query_select ON `travel-sample`.`inventory`.`airline`;

Example 2. Create a group travelagents and assign it multiple roles

CREATE GROUP travelagents
WITH "Sample travel agents group"
ROLES data_reader ON `travel-sample`.`inventory`.`airline`,
select ON `travel-sample`.`inventory`.`landmark`;

Example 3. Create a group support if it does not already exist

CREATE GROUP IF NOT EXISTS support ROLE query_update
ON `travel-sample`.`inventory`.`airport`;
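
The following is an added example, not part of the Couchbase documentation: a small Python parser for the create-group, rbac-role and keyspace-path grammar shown under Syntax, intended for reviewing provisioning scripts before they are run. It expands the short role forms listed above and reports roles granted with no ON keyspace-ref so that a reviewer can confirm each one. The function names, the review rule and the sample statement are assumptions of this example, and role names are not checked against the server's list.

```python
# Added example: function names and the review rule are assumptions, not Couchbase APIs.
import re

# Short role forms listed on this page and the full names they stand for.
SHORT = {"select": "query_select", "insert": "query_insert",
         "update": "query_update", "delete": "query_delete"}
IDENT, STRING = r"`[^`]+`|[A-Za-z_]\w*", r'"[^"]*"'  # identifier, description
TOKEN = re.compile(f"{IDENT}|{STRING}|[,.:;]")

def parse_create_group(stmt):  # raises ValueError if the grammar is violated
    if TOKEN.sub("", stmt).strip():
        raise ValueError("unexpected characters in statement")
    toks = TOKEN.findall(stmt)
    def take(*words):  # consume these keywords or punctuation if they come next
        hit = [t.upper() for t in toks[:len(words)]] == list(words)
        del toks[:len(words) * hit]
        return hit
    def need(pattern=IDENT, what="identifier"):  # pop a token that must match
        if not toks or not re.fullmatch(pattern, toks[0]):
            raise ValueError(f"{what} expected")
        return toks.pop(0).strip('`"')
    def keyspace():  # ( namespace ':' )? bucket ( '.' scope '.' collection )?
        ks = need() + (":" + need() if take(":") else "")
        if take("."):  # scope and collection only come as a pair
            ks += "." + need() + need(r"\.", "'.' and collection") + need()
        return ks
    if not take("CREATE", "GROUP"):
        raise ValueError("not a CREATE GROUP statement")
    out = {"if_not_exists": take("IF", "NOT", "EXISTS"), "name": need(),
           "description": None, "roles": []}
    if take("WITH"):
        out["description"] = need(STRING, "quoted description")
    if not take("NO", "ROLES"):
        single = need(r"(?i)ROLES?", "ROLE, ROLES or NO ROLES").upper() == "ROLE"
        while not out["roles"] or (not single and take(",")):
            role = need().lower()
            out["roles"].append((SHORT.get(role, role), keyspace() if take("ON") else None))
    take(";")
    if toks:
        raise ValueError(f"unexpected token {toks[0]!r}")
    return out

def unscoped_roles(stmt):  # roles granted with no ON keyspace-ref, for review
    return [role for role, ks in parse_create_group(stmt)["roles"] if ks is None]

# Constructed input, not taken from a real deployment.
SAMPLE = "CREATE GROUP IF NOT EXISTS ops ROLES admin, select ON `travel-sample`;"
if __name__ == "__main__":
    print(parse_create_group(SAMPLE), unscoped_roles(SAMPLE))
```

Run over Example 2, the parser returns both roles with their keyspaces and expands select to query_select; a statement that puts two roles after ROLE, or names a scope without a collection, is rejected with ValueError.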