V5.0 - NEW Role-Based Authentication - Bucket Passwords, etc

With the launch of Couchbase Server 5.0 comes a great new security feature called Role Based Access Control (RBAC). You’ll find the Security tab in the web UI, where you can set up Users with certain Roles (data read/write, bucket admin, etc.); all users must have a password.

This has some impact on how you have traditionally accessed your Buckets via the Couchbase SDK and more.

A very brief summary of what you need to know is here, but keep your questions coming on this thread as needed:

  1. All buckets must now be accessed by a user/password combination that has a role with access rights to the bucket.
  2. Buckets no longer use bucket-level passwords (caveat below).
  3. There is no default bucket and no sample buckets with blank passwords.
  4. You cannot create a user without a password.

Upgrading users get some special treatment:

  1. Bucket-level passwords are no more, but the upgrade process will:

    1. automatically create a user with the same name as the bucket
    2. migrate your bucket password into the user password
    3. still allow your app to connect as before by specifying a bucket password (though it’s really not using a bucket-level password).
  2. Building on the above, passwordless buckets are gone! But don’t despair: if you upgraded, we will automatically create the user with a blank password for you. You can’t normally create a user without a password, but this is a convenience for upgrading users. Please create a password to ensure production security.

SDK Users

  • Continue to use your current SDK versions to access buckets where there is a user, with proper permissions, with the same name as the bucket.
  • Upgrade to the latest SDK versions to access the newer Authentication and User Management functions that are now available.

More details are coming soon in the SDK documentation and will be updated accordingly.

Please comment with questions, omissions, or corrections!

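An added example, not part of the original post or Couchbase's own tooling: a small offline audit that takes a list of bucket names and an exported user list and reports which buckets still have a same-name user (the accounts the upgrade creates, whose passwords should be checked for blanks). The sample data, the JSON field names (`id`, `domain`, `roles`, `role`, `bucket_name`) and the `bucket_full_access` role name are assumptions about the export, not values taken from the post.

```python
import json

# Constructed sample data, not from a real cluster. Field names and the
# role name are assumptions about how the user list was exported.
BUCKETS = ["orders", "sessions", "catalog"]
USERS_JSON = """
[
  {"id": "orders",   "domain": "local",
   "roles": [{"role": "bucket_full_access", "bucket_name": "orders"}]},
  {"id": "sessions", "domain": "local",
   "roles": [{"role": "bucket_full_access", "bucket_name": "catalog"}]},
  {"id": "app_rw",   "domain": "local",
   "roles": [{"role": "bucket_full_access", "bucket_name": "*"}]}
]
"""

def load_users():
    """Parse the constructed export above."""
    return json.loads(USERS_JSON)

def audit_legacy_access(buckets, users, sufficient_roles=("bucket_full_access",)):
    """Classify each bucket by whether a user named after it exists.

    "same-name user": old-style connections (bucket name plus password)
        keep working; this is the kind of account the upgrade creates.
    "same-name user without access": the account exists but holds no
        sufficient role on that bucket, so old-style connections fail.
    "no same-name user": clients must log in as a named RBAC user.
    """
    by_id = {u["id"]: u for u in users if u.get("domain", "local") == "local"}
    report = {}
    for bucket in buckets:
        user = by_id.get(bucket)
        if user is None:
            report[bucket] = "no same-name user"
            continue
        has_access = any(
            r.get("role") in sufficient_roles
            and r.get("bucket_name") in (bucket, "*")
            for r in user.get("roles", [])
        )
        report[bucket] = ("same-name user" if has_access
                          else "same-name user without access")
    return report

def needs_password_review(report):
    """Buckets whose same-name account may carry a migrated or blank password."""
    return sorted(b for b, s in report.items() if s.startswith("same-name user"))
```

The user list cannot show whether a password is blank, so every account returned by `needs_password_review` should have its password reset to a known strong value.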