Prevent password changes for CB users

Hello,

I have several users that have different access levels to different buckets, but all of them have console access. I’ve realized that they can change its password by default, is there any way to prevent them of changing its own password?

Thanks in advance,

Hello @isa_pr thank you for using Couchbase and participating in our community.

You can control user’s access to the web UI console by setting appropriate an RBAC role to the user. Using the Application Access role for example will allow a user to interact with data but not access the web UI. Documentation on roles and which ones have UI access is at Roles | Couchbase Docs

Note that even with this restriction a user could still change their own password from the REST API using,
http://localhost:8091/controller/changePassword documented at Setting Usernames and Passwords | Couchbase Docs

The suggestion here would be to use external authentication like LDAP, and manage access to who can change the passwords on the LDAP system.

Thank you,
Ian McCloy, Principal Product Manager, Couchbase

HI, thanks a lot for your answer.
Unfortunately, this particular user must have access through the console, and actually LDAP authentication is not an option to be used in my current environment. So, that’s why I’m trying to figure out if there is any option to prevent users on changing its own password. It is a userid used for several people (development team, in development environment) and I would like to restrict such an option, but I did not find out how to do it.

Hello isa_pr
There isn’t a way currently to prevent locally managed users from changing their passwords. I’ve created a tracking JIRA improvement at https://issues.couchbase.com/browse/MB-51684 which you can use to follow the progress of this improvement. We would really suggest creating individual user accounts and avoid sharing accounts, this is a standard industry-wide best practice for security.

Thank you,
Ian McCloy, Couchbase Principal Product Manager