Resources Under Access Control

Couchbase Server applies RBAC to a defined set of resources. The Couchbase Full Administrator can assign a role to a defined user. Each role is associated with one or more privileges, either on an individual, named resource or on all resources within a resource-type group.
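The difference between a grant on one named resource and a grant on every resource of a type matters when reviewing assignments for least privilege. The following is an added example, not Couchbase's own code: the JSON field names (`role`, `bucket_name`), the `*` wildcard value, and the user, role and bucket names are assumptions made for the constructed sample.

```python
import json

# Constructed sample of a user listing. Each role entry names a role and, for
# bucket-scoped roles, the bucket it applies to ("*" = every bucket).
# Field names, role names and bucket names are assumptions for illustration.
SAMPLE_USERS = json.loads("""
[
  {"id": "app_orders", "domain": "local",
   "roles": [{"role": "data_reader", "bucket_name": "orders"}]},
  {"id": "etl_job", "domain": "local",
   "roles": [{"role": "data_writer", "bucket_name": "*"},
             {"role": "query_select", "bucket_name": "orders"}]},
  {"id": "ops_jane", "domain": "external",
   "roles": [{"role": "admin"}]}
]
""")

def classify(role):
    """Scope of one grant: 'named', 'group-wide' (wildcard) or 'global' (no resource)."""
    bucket = role.get("bucket_name")
    if bucket is None:
        return "global"
    return "group-wide" if bucket == "*" else "named"

def audit(users):
    """Return (user, role, scope) for every grant not limited to one named resource."""
    return [(u["id"], r["role"], classify(r))
            for u in users for r in u.get("roles", [])
            if classify(r) != "named"]

def effective_access(users, buckets):
    """Expand wildcard grants over the given buckets: bucket -> sorted (user, role).

    Global roles are reported by audit() and are not expanded here.
    """
    access = {b: set() for b in buckets}
    for u in users:
        for r in u.get("roles", []):
            scope = classify(r)
            if scope == "group-wide":
                targets = buckets                   # applies to every bucket listed
            elif scope == "named":
                targets = [r["bucket_name"]] if r["bucket_name"] in access else []
            else:
                targets = []
            for b in targets:
                access[b].add((u["id"], r["role"]))
    return {b: sorted(pairs) for b, pairs in access.items()}

if __name__ == "__main__":
    print(audit(SAMPLE_USERS))
    print(effective_access(SAMPLE_USERS, ["orders", "payroll"]))
```

Running the expansion against the current bucket list shows that a group-wide grant reaches buckets the user was never explicitly given, including any added to the list later.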

Access-Controlled Resources

The following Couchbase Server resources are always access-controlled:

  • Clusters.

  • XDCR Cluster References.

  • Query Service.

  • Analytics Shadow Data Sets.

  • System Catalogs. Including:

    The following diagnostics are provided:

    • System Catalogs

    • Monitoring Catalogs

    • Security Catalogs

    • Other

    These are only available using REST APIs.

  • Buckets. Note that buckets have three independently access-controllable features, each of which should be considered an individual resource-type:

    • Settings. Includes:

      • Bucket Type
      • Ejection Method
      • Conflict Resolution Method
      • Protocol Port
      • Auto-Compaction
      • Flush
      • Compact
      • Delete

    • Statistics. Includes ops, gets, sets, and deletes per second. Also includes information on memory-usage, disk-related activity, and status on indexing, querying, and XDCR activity.

    • Data. Includes data and meta-data for all objects within a bucket.

  • XDCR Bucket Replication.

  • Indexes. Including Views, Primary Indexes, Global Secondary Indexes, and Search Indexes.

  • UI Access. Allows login to Couchbase Web Console. The features available are role-dependent.

  • Curl Access. Allows execution of the N1QL CURL function by externally authenticated users.

  • Eventing. Allows configuration and scheduling of the Eventing Service.

  • Pools.