Resources Under Access Control
Couchbase Server applies RBAC to a defined set of resources. The Couchbase Full Administrator can assign a role to a defined user; the role being associated with one ore more privileges either on an individual, named resource; or on all resources within a resource-type group.
Access-Controlled Resources
The following Couchbase Server-resources are always access-controlled:
-
Clusters.
-
XDCR Cluster References.
-
Query Service.
-
Analytics Shadow Data Sets.
-
System Catalogs. Including:
The following diagnostics are provided:
System Catalogs
Monitoring Catalogs
Security Catalogs
-
system:nodes
Other
These are only available using REST APIs. -
Buckets. Note that buckets have three independently access-controllable features, each of which should be considered an individual resource-type:
-
Settings. Includes
- Bucket Type
- Ejection Method
- Conflict Resolution method
- Protocol Port
- Auto-Compaction
- Flush
- compact
- delete
-
Statistics. Includes ops, gets, sets, and deletes per second. Also includes information on memory-usage, disk-related activity, and status on indexing, querying, and XDCR activity.
-
Data. Includes data and meta-data for all objects within a bucket.
-
-
XDCR Bucket Replication.
-
Indexes. Including Views, Primary Indexes, Global Secondary Indexes, and Search Indexes.
-
UI Access. Allows login to Couchbase Web Console. The features available are role-dependent.
-
Curl Access. Allows execution of the N1QL CURL function by externally authenticated users.
-
Eventing. Allows configuration and scheduling of the Eventing Service.
-
Pools.