Security

Couchbase Server can be rendered highly secure.

Security Overview

Couchbase Server can be rendered highly secure, so as to preserve the privacy and integrity of data and to account for access attempts. The security facilities provided cover:

  • Authentication: All administrators, users, and applications (all formally considered users) must authenticate in order to gain server access. Users can be authenticated by means of either the local or an external password registry. Authentication can be achieved either by passing credentials directly to the server or by using a client certificate in which the credentials are embedded. Connections can be secured by means of SCRAM and TLS.

  • Authorization: Couchbase Server uses Role-Based Access Control (RBAC) to associate users with specifically assigned roles. Each role corresponds to system-defined privileges, which allow degrees of access to specific system resources. On authentication, a user’s roles are determined: if they allow the form of system access the user is attempting, access is granted; otherwise, it is denied.

  • Auditing: Actions performed on Couchbase Server can be audited. This allows administrators to ensure that system-management tasks are being appropriately performed.

How to Use This Section

This section provides a conceptual and architectural overview of Couchbase Server security. It includes a list of roles and resources; an account of available auditing options and audit-file contents; and a description of required keys, best practices, supported identity encodings, and other details related to certificates. For the practical steps by which Couchbase Server can be secured, see the section Security Management Overview.