It seems like it’s impossible with community edition to get advanced roles about a user/admin.
When I create a new user, I only got Admin, ReadOnly Admin and Bucket roles checkbox. So when I try to query with n1ql with the rest api, I can’t because I don’t have required permissions given by Query Roles -> Query Select checkbox.
I wonder why, it seems weird because n1ql queries looks like a basic functionnality on couchbase.
First of all, thank you for your product feedback!
With every release of Couchbase, we continue to delight our customers with new features, but also extend the Enterprise functionality of our products.
The behavior you are seeing is as designed, and detailed RBAC roles are only available in the EE edition.
That being said, compared to the previous versions of CE, in 5.0 CE, you can create multiple Couchbase user accounts (which is new), and add them to one of the Roles (Admin, ReadOnly Admin, and Bucket Full Admin). The Bucket Full Admin role was created to give the same effect as bucket passwords from the previous release (ie. full access to the documents inside the bucket).
Hope this helps, and we hope to see you upgrade to the EE version of Couchbase (contact : sales@couchbase.com) to get the full RBAC functionality.
It does mention that the full_access role is available to Community Edition as well as Enterprise but it doesn’t state that the other roles aren’t. Worse, under full_access, it states:
“Use of the Bucket Full Access role is deprecated for buckets created on Couchbase Server 5.0 and after: use the other bucket-access roles provided.”
Please state that this advice is only for Enterprise Edition and that on Community Edition, the Full Access role should be used.
Hi,
So the query API ( /query/service ) is by design not available in the community edition? Even an admin does not seem to hold the query_select role in the community edition. To the original posters point: the documentation could be clearer around this. For example: https://developer.couchbase.com/documentation/server/current/introduction/editions.html#couchbase-editions__core-data-access-api states that core data access APIs are available in both editions, so the query/service API must not be part of the core data APIs.
As a note: we do run EE in production, but use CE in our test environments. The query/service API would be useful for our QA folks, but we can work around that.