GRANT
The GRANT statement allows granting any RBAC roles to a specific user.
Roles can be of the following two types:
simple |
Roles which apply generically to all buckets/resources in the cluster. For example: |
parameterized by a bucket |
Roles which are defined for the scope of the specified bucket only. The bucket name is specified after ON. For example: or |
Only Full Administrators can run the GRANT statement. For more details about user roles, see Authorization. |
Syntax
GRANT role1 [, role2, ...] ON bucket1 [, bucket2, ...] TO user1 [, user2, ...];
- role
-
RBAC-role[(bucket_name)]
RBAC-role
is one of the RBAC role names predefined by Couchbase Server.RBAC-user
is the user name created by the Couchbase Server RBAC system.The following roles have short forms that can be used as well:
-
query_select → select
-
query_insert → insert
-
query_update → update
-
query_delete → delete
-
- bucket
-
The name of your Couchbase or Memcached bucket or buckets.
- user
-
RBAC-user
in your bucket.
GRANT statements support legacy systems and have two forms:
GRANT Replication Admin, Query External Access
TO cchaplan, jgleason;
GRANT replication_admin, query_external_access
TO cchaplan, jgleason;
GRANT Query Select, Views Admin
ON orders, customers
TO bill, linda;
GRANT query_select, views_admin
ON orders, customers
TO bill, linda;
Mixing of parameterized and unparameterized roles or syntax is not allowed and will create an error. |
Example 1: Grant the role of Cluster Administrator to three people.
GRANT ClusterAdmin TO david, michael, robin;
Example 2: Grant the roles of Cluster Administrator and Bucket Reader in the Travel Sample bucket to Debby.
GRANT ClusterAdmin, BucketReader ON `travel-sample` TO debby;