User permissions in Python SDK

Hello,

I’m using the python SDK to try to get and upsert cluster users using
user_mgr = cluster.users() and user_mgr.upsert_user(user). However, I am getting authentication errors, even when I try user_manager.get_all_users().

InternalServerFailureException: InternalServerFailureException(<ec=5, category=couchbase.common, message=internal_server_failure (5), context=HTTPErrorContext({'client_context_id': 'c45220-8815-cf47-1d55-30a448b71755c7', 'method': 'GET', 'path': '/settings/rbac/users/local', 'http_status': 403, 'http_body': '{"message":"Forbidden. User needs the following permissions","permissions":["cluster.admin.security!read"]}'}), C Source=/couchbase-python-client/src/management/user_management.cxx:638>)

To connect/authenticate to the cluster endpoint I’m using a user/password created in the Cluster Access settings of my cluster (via the capella dashboard), which should have read/write access in all clusters.

Is this not the type of user I’m supposed to connect with? If not, I’m a bit lost in where to find/create the correct user with the correct permissions.

Thanks in advance.

For Capella, you would need to use the management api. Management API Reference | Couchbase Docs

However - I don’t know if the user management api is exposed. There is a “Create User” here, but it appears to create a Cloud (i.e. AWS) user (not a Couchbase user). Perhaps the only way to add Couchbase users is via the UI?

There is an sample of using an older version of the management api here. spring-data-couchbase/src/test/java/org/springframework/data/couchbase/domain/CapellaConnectSample.java at d3f73323d454da84a1e45dfc4ebb067ef6029486 · spring-projects/spring-data-couchbase · GitHub

To add to @mreiche I think you are looking for the create database credentials using the Management API in Capella Management API Reference | Couchbase Docs

I ended up just using the API and not the SDK, so my problems are solved for now.