Security Management Overview

Networked access, by administrators, users, and applications: Can be secured with TLS, using dedicated Couchbase Server-ports. Ciphers, TLS levels, and console-access can be individually managed.

Authentication: Can be handled by passing credentials explicitly, or by means of client certificates. External (as well as Local) authentication-domains are supported: therefore, LDAP and PAM authentication-mechanisms can be used.

Authorization: Couchbase Role-Based Access Control ensures that each authenticated user is checked for the system-defined roles (and, by due association, privileges) they have been assigned. This allows access to be granted or denied them, based on the type of system-resource they are trying to access, and the operation they wish to perform.

Auditing: Can be enabled on actions performed on Couchbase Server, so that reviews can occur.

Certificates: These can be defined and established for the cluster. Additionally, certificates presented by clients attempting server-access can be permitted.

Logs: These can be redacted, ensuring that no private information is shared.

Sessions: Can be configured to terminate, following periods of user-inactivity.