Scope Management in Community Edition 7.0 via Java SDK

Can a scope and/or collection be created programmatically via Java SDK in Community Edition 7.0? Will bucket_full_access role do? Because scope_admin is not available in CE.
Thank you.

There are not separate versions of the SDKs for CE or EE. If a user can create a scope from the web ui, they should be able to create a scope from the SDK.

Right, same SDK but different set of roles. Besides, bucket_full_access doesn’t allow web ui access. Will bucket_full_access role be enough? Not clear what full access means, full access to data(read & write) or managing scopes/collections too?

If you have it all setup then you could give it a try. Otherwise I can try it when I get a chance.

I’d appreciate it if it’s not too much hassle that is.

With 7.6.2 CE and a user with:

# curl -su Administrator:password -X GET http://localhost:8091/settings/rbac/users|jq .
[
  {
    "id": "testuser",
    "domain": "local",
    "roles": [
      {
        "role": "bucket_full_access",
        "bucket_name": "*",
        "origins": [
          {
            "type": "user"
          }
        ]
      }
    ],
    "groups": [],
    "external_groups": [],
    "name": "",
    "uuid": "9ee8482c-6c69-496d-9b44-7cff1cbc60e0",
    "password_change_date": "2024-08-28T08:48:20.000Z"
  }
]

Attempting to create a scope yields:

# curl -su testuser:password -X POST http://localhost:8091/pools/default/buckets/default/scopes -d name=s1|jq .
{
  "message": "Forbidden. User needs the following permissions",
  "permissions": [
    "cluster.bucket[default].collections!write"
  ]
}

https://docs.couchbase.com/server/current/learn/security/roles.html#application-access notes:

Role: Application Access (bucket_full_access)

and

Note that in versions of Couchbase Server prior to 5.5, this role was referred to as Bucket Full Access

The current name is perhaps clearer as to what the role grants.

To manage scopes in CE you have to have the admin role.

HTH.

1 Like

Thank you very much!

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.