{"id":2997,"date":"2017-03-17T11:08:51","date_gmt":"2017-03-17T18:08:51","guid":{"rendered":"https:\/\/www.couchbase.com\/blog\/?p=2997"},"modified":"2025-06-13T19:29:14","modified_gmt":"2025-06-14T02:29:14","slug":"authentication-authorization-rbac","status":"publish","type":"post","link":"https:\/\/www.couchbase.com\/blog\/pt\/authentication-authorization-rbac\/","title":{"rendered":"Autentica\u00e7\u00e3o e autoriza\u00e7\u00e3o com RBAC"},"content":{"rendered":"<div class=\"paragraph\">\n<p>Na vers\u00e3o de desenvolvedor de mar\u00e7o, voc\u00ea pode come\u00e7ar a ver algumas mudan\u00e7as importantes na autentica\u00e7\u00e3o e na autoriza\u00e7\u00e3o dentro do RBAC (Role Based Access Control, Controle de Acesso Baseado em Fun\u00e7\u00e3o) chegando ao Couchbase Server. Essas altera\u00e7\u00f5es s\u00e3o um trabalho em andamento: a compila\u00e7\u00e3o do desenvolvedor \u00e9 essencialmente uma compila\u00e7\u00e3o noturna que \u00e9 liberada para o p\u00fablico. Mas h\u00e1 algumas coisas boas no RBAC que valem a pena ficar animadas!<\/p>\n<\/div>\n<div class=\"paragraph\">\n<p>Ir <a href=\"https:\/\/www.couchbase.com\/blog\/pt\/downloads\/\">Fa\u00e7a o download da vers\u00e3o de desenvolvedor 5.0.0 de mar\u00e7o do Couchbase Server<\/a> Hoje. Certifique-se de clicar na guia \"Desenvolvedor\" para obter a vers\u00e3o de desenvolvedor (DB) e dar uma olhada nela. Voc\u00ea ainda tem tempo para nos dar um feedback antes do lan\u00e7amento oficial.<\/p>\n<\/div>\n<div class=\"paragraph\">\n<p><em>Lembre-se de que estou escrevendo esta postagem do blog em vers\u00f5es iniciais, e algumas coisas podem sofrer pequenas altera\u00e7\u00f5es quando voc\u00ea receber o lan\u00e7amento, e algumas coisas ainda podem apresentar erros.<\/em><\/p>\n<\/div>\n<div class=\"sect1\">\n<h2 id=\"_authentication_and_authorization\">Autentica\u00e7\u00e3o e autoriza\u00e7\u00e3o<\/h2>\n<div class=\"sectionbody\">\n<div class=\"paragraph\">\n<p>Apenas um lembrete r\u00e1pido da diferen\u00e7a entre autentica\u00e7\u00e3o e autoriza\u00e7\u00e3o:<\/p>\n<\/div>\n<div class=\"ulist\">\n<ul>\n<li><strong>Autentica\u00e7\u00e3o<\/strong> \u00e9 o processo de identifica\u00e7\u00e3o de que um usu\u00e1rio \u00e9 quem ele diz ser.<\/li>\n<li><strong>Autoriza\u00e7\u00e3o<\/strong> \u00e9 o processo de garantir que o usu\u00e1rio tenha permiss\u00e3o para fazer o que est\u00e1 tentando fazer.<\/li>\n<\/ul>\n<\/div>\n<div class=\"paragraph\">\n<p>Se voc\u00ea j\u00e1 usou o Couchbase antes, est\u00e1 familiarizado com o login no que \u00e0s vezes chamamos de \"Admin Web Console\".<\/p>\n<\/div>\n<div class=\"paragraph\">\n<p><span class=\"image\"><img decoding=\"async\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2017\/03\/05901-Couchbase-Web-Console.png\" alt=\"Couchbase authentication screen\" \/><\/span><\/p>\n<\/div>\n<div class=\"paragraph\">\n<p>No entanto, o Console da Web n\u00e3o \u00e9 apenas para administradores, mas tamb\u00e9m para desenvolvedores. Mas, at\u00e9 agora, voc\u00ea n\u00e3o tinha muito controle incorporado ao Couchbase sobre quem pode fazer login e (o que \u00e9 mais importante) o que eles podem fazer.<\/p>\n<\/div>\n<div class=\"paragraph\">\n<p>Portanto, gostaria de apresentar a voc\u00ea o novo recurso de usu\u00e1rio de primeira classe do Couchbase.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"sect1\">\n<h2 id=\"_users\">Usu\u00e1rios<\/h2>\n<div class=\"sectionbody\">\n<div class=\"paragraph\">\n<p>Ainda h\u00e1 um usu\u00e1rio administrador completo. Esse \u00e9 o login que voc\u00ea cria quando instala o Couchbase pela primeira vez. Esse \u00e9 o usu\u00e1rio que n\u00e3o tem restri\u00e7\u00f5es e pode fazer qualquer coisa, inclusive criar novos usu\u00e1rios. Assim, por exemplo, um administrador completo pode ver o link \"Security\" (Seguran\u00e7a) na navega\u00e7\u00e3o, enquanto outros usu\u00e1rios n\u00e3o podem.<\/p>\n<\/div>\n<div class=\"paragraph\">\n<p><span class=\"image\"><img decoding=\"async\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2017\/03\/05902-Security-Link-Web-Console.gif\" alt=\"Security link to manage authentication and authorization\" \/><\/span><\/p>\n<\/div>\n<div class=\"paragraph\">\n<p>Agora, uma vez nessa p\u00e1gina de seguran\u00e7a, voc\u00ea pode adicionar, editar e excluir usu\u00e1rios.<\/p>\n<\/div>\n<div class=\"paragraph\">\n<p>A <strong>usu\u00e1rio<\/strong> pode identificar uma pessoa, mas tamb\u00e9m pode identificar algum servi\u00e7o ou processo. Por exemplo, se estiver escrevendo um aplicativo ASP.NET, talvez queira criar um usu\u00e1rio com um conjunto limitado de permiss\u00f5es chamado \"web-service\". Portanto, as credenciais para esse \"usu\u00e1rio\" n\u00e3o seriam para uma pessoa, mas para um aplicativo ASP.NET.<\/p>\n<\/div>\n<div class=\"paragraph\">\n<p>Em seguida, tente adicionar um novo usu\u00e1rio do Couchbase clicando em \"+ Adicionar usu\u00e1rio\". Vou criar um usu\u00e1rio chamado \"fts_admin\", com um nome de \"Full Text Search Admin\", uma senha e uma \u00fanica fun\u00e7\u00e3o: FTS Admin do bucket de amostra de viagem (FTS = Full Text Search).<\/p>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"sect1\">\n<h2 id=\"_adding_a_new_user\">Adi\u00e7\u00e3o de um novo usu\u00e1rio<\/h2>\n<div class=\"sectionbody\">\n<div class=\"paragraph\">\n<p>Aqui est\u00e1 uma anima\u00e7\u00e3o da adi\u00e7\u00e3o desse usu\u00e1rio:<\/p>\n<\/div>\n<div class=\"paragraph\">\n<p><span class=\"image\"><img decoding=\"async\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2017\/03\/05903-Add-New-User.gif\" alt=\"Add a new user with Couchbase authentication\" \/><\/span><\/p>\n<\/div>\n<div class=\"paragraph\">\n<p>Algumas observa\u00e7\u00f5es sobre a anima\u00e7\u00e3o acima:<\/p>\n<\/div>\n<div class=\"ulist\">\n<ul>\n<li>Selecionei \"Couchbase\" em vez de \"External\". External destina-se \u00e0 integra\u00e7\u00e3o com LDAP. Observe que \"Couchbase\" (autentica\u00e7\u00e3o interna) provavelmente se tornar\u00e1 o padr\u00e3o em vers\u00f5es futuras.<\/li>\n<li>O FTS Admin d\u00e1 ao usu\u00e1rio permiss\u00e3o para fazer tudo com as pesquisas de texto completo: criar, modificar, excluir e execut\u00e1-las.<\/li>\n<li>Concedi a permiss\u00e3o FTS Admin somente para o bucket de amostra de viagem. Se eu selecionasse \"all\", isso concederia permiss\u00e3o a todos os buckets, mesmo os criados no futuro.<\/li>\n<li>Os usu\u00e1rios com a fun\u00e7\u00e3o FTS Searcher s\u00f3 t\u00eam acesso para executar pesquisas, n\u00e3o para modific\u00e1-las ou cri\u00e1-las.<\/li>\n<\/ul>\n<\/div>\n<div class=\"paragraph\">\n<p>Mais informa\u00e7\u00f5es sobre a diferen\u00e7a entre o FTS Admin e o FTS Searcher mais adiante.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"sect1\">\n<h2 id=\"_logging_in_as_a_new_user\">Fazer login como um novo usu\u00e1rio<\/h2>\n<div class=\"sectionbody\">\n<div class=\"paragraph\">\n<p>Agora que esse usu\u00e1rio foi criado, posso fazer login como fts_admin. A autentica\u00e7\u00e3o desse usu\u00e1rio \u00e9 tratada no Couchbase.<\/p>\n<\/div>\n<div class=\"paragraph\">\n<p><span class=\"image\"><img decoding=\"async\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2017\/03\/05904-Login-as-new-user.gif\" alt=\"Login with Couchbase authentication\" \/><\/span><\/p>\n<\/div>\n<div class=\"paragraph\">\n<p>Primeiro, na anima\u00e7\u00e3o acima, observe que o usu\u00e1rio fts_admin tem um conjunto muito mais limitado de op\u00e7\u00f5es em compara\u00e7\u00e3o com o usu\u00e1rio administrador completo.<\/p>\n<\/div>\n<div class=\"paragraph\">\n<p>Em seguida, vale a pena ressaltar que os usu\u00e1rios podem redefinir suas senhas:<\/p>\n<\/div>\n<div class=\"paragraph\">\n<p><span class=\"image\"><img decoding=\"async\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2017\/03\/05905-Reset-password.png\" alt=\"Reset password\" \/><\/span><\/p>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"sect1\">\n<h2 id=\"_creating_an_fts_index\">Cria\u00e7\u00e3o de um \u00edndice FTS<\/h2>\n<div class=\"sectionbody\">\n<div class=\"paragraph\">\n<p>Como j\u00e1 criei um usu\u00e1rio fts_admin com o par\u00e2metro <strong>Administrador do FTS<\/strong> criarei outro usu\u00e1rio chamado fts_searcher que tenha apenas a fun\u00e7\u00e3o <strong>Pesquisador FTS<\/strong> para o balde de amostras de viagem.<\/p>\n<\/div>\n<div class=\"paragraph\">\n<p><span class=\"image\"><img decoding=\"async\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2017\/03\/05906-List-of-users.png\" alt=\"List of users\" \/><\/span><\/p>\n<\/div>\n<div class=\"sect2\">\n<h3 id=\"_using_the_rest_api_for_fts\">Uso da API REST para FTS<\/h3>\n<div class=\"paragraph\">\n<p>Vou usar a API REST para demonstrar que esses usu\u00e1rios s\u00e3o limitados pelas fun\u00e7\u00f5es que lhes dei. <em>Se precisar de uma atualiza\u00e7\u00e3o sobre a API REST, voc\u00ea pode consultar a <a href=\"https:\/\/developer.couchbase.com\/documentation\/server\/current\/rest-api\/rest-fts.html\">documenta\u00e7\u00e3o da API de pesquisa de texto completo<\/a>. Observe tamb\u00e9m que estou usando a API REST porque h\u00e1 alguns bugs na interface do usu\u00e1rio no momento em que estou escrevendo este texto.<\/em><\/p>\n<\/div>\n<div class=\"paragraph\">\n<p>Vamos come\u00e7ar criando um novo \u00edndice de pesquisa de texto completo (FTS). Farei isso por meio de <a href=\"https:\/\/www.getpostman.com\/\">Carteiro<\/a>mas voc\u00ea pode usar <a href=\"https:\/\/curl.haxx.se\/\">enrolar<\/a> ou <a href=\"https:\/\/www.telerik.com\/fiddler\">Violinista<\/a> ou qualquer ferramenta REST de sua prefer\u00eancia.<\/p>\n<\/div>\n<\/div>\n<div class=\"sect2\">\n<h3 id=\"_create_an_fts_index\">Criar um \u00edndice FTS<\/h3>\n<div class=\"paragraph\">\n<p>Para criar um \u00edndice com a API REST, preciso fazer uma solicita\u00e7\u00e3o PUT para o arquivo <code>\/api\/index\/<\/code> ponto final.<\/p>\n<\/div>\n<div class=\"ulist\">\n<ul>\n<li>Primeiro, criarei um \u00edndice para o tipo \"hotel\" no bucket de amostra de viagem, portanto, farei um PUT para <code>\/api\/index\/hot\u00e9is<\/code><\/li>\n<li>Al\u00e9m disso, as credenciais podem ser colocadas no URL para usar a autentica\u00e7\u00e3o b\u00e1sica<\/li>\n<li>Al\u00e9m disso, os pontos de extremidade REST est\u00e3o dispon\u00edveis na porta 8094<\/li>\n<\/ul>\n<\/div>\n<div class=\"paragraph\">\n<p>Por fim, o URL da solicita\u00e7\u00e3o PUT deve ser semelhante a este:<\/p>\n<\/div>\n<div class=\"paragraph\">\n<p><code><a class=\"bare\" href=\"https:\/\/fts_searcher:password@192.168.1.10:8094\/api\/index\/hotels\">https:\/\/fts_searcher:password@192.168.1.10:8094\/api\/index\/hotels<\/a><\/code><\/p>\n<\/div>\n<div class=\"paragraph\">\n<p>O corpo do PUT \u00e9 um grande objeto JSON. Abaixo est\u00e1 parte dele. Voc\u00ea pode encontrar o <a href=\"https:\/\/github.com\/couchbaselabs\/blog-source-code\/blob\/master\/Groves\/059SpockRBAC\/src\/newsearchindex.json\">vers\u00e3o completa no GitHub<\/a> para voc\u00ea experimentar.<\/p>\n<\/div>\n<div class=\"listingblock\">\n<div class=\"content\">\n<pre class=\"highlight decode:true\"><code class=\"language-JavaScript\">{\r\n  \"type\": \"fulltext-index\",\r\n  \"name\": \"hotels\",\r\n  \"sourceType\": \"couchbase\",\r\n  \"sourceName\": \"travel-sample\",\r\n\r\n\/\/ ... snip ...\r\n\r\n}<\/code><\/pre>\n<\/div>\n<\/div>\n<div class=\"paragraph\">\n<p>Normalmente, voc\u00ea pode criar isso por meio da interface do usu\u00e1rio em vez de ter que criar o JSON manualmente. N\u00e3o vou entrar em muitos detalhes sobre o FTS nesta postagem, pois meu objetivo \u00e9 demonstrar os novos recursos de autentica\u00e7\u00e3o e autoriza\u00e7\u00e3o, e n\u00e3o o FTS em si.<\/p>\n<\/div>\n<\/div>\n<div class=\"sect2\">\n<h3 id=\"_trying_to_create_an_index_without_authorization\">Tentativa de criar um \u00edndice sem autoriza\u00e7\u00e3o<\/h3>\n<div class=\"paragraph\">\n<p>Observe que estou usando fts_searcher como usu\u00e1rio. Sei que fts_searcher n\u00e3o deveria ter permiss\u00e3o para criar \u00edndices, portanto, eu esperaria um 403. E \u00e9 exatamente isso que recebo.<\/p>\n<\/div>\n<div class=\"listingblock\">\n<div class=\"content\">\n<pre class=\"highlight decode:true\"><code class=\"language-JavaScript\">{\r\n  \"message\": \"Forbidden. User needs one of the following permissions\",\r\n  \"permissions\": [\r\n    \"cluster.bucket[travel-sample].fts!write\"\r\n  ]\r\n}<\/code><\/pre>\n<\/div>\n<\/div>\n<div class=\"paragraph\">\n<p>Portanto, embora a autentica\u00e7\u00e3o tenha funcionado, esse usu\u00e1rio n\u00e3o tem a autoriza\u00e7\u00e3o necess\u00e1ria.<\/p>\n<\/div>\n<\/div>\n<div class=\"sect2\">\n<h3 id=\"_creating_an_index_with_authorization\">Cria\u00e7\u00e3o de um \u00edndice com autoriza\u00e7\u00e3o<\/h3>\n<div class=\"paragraph\">\n<p>Vou tentar novamente com o fts_admin:<\/p>\n<\/div>\n<div class=\"paragraph\">\n<p><code><a class=\"bare\" href=\"https:\/\/fts_admin:password@192.168.1.10:8094\/api\/index\/hotels\">https:\/\/fts_admin:password@192.168.1.10:8094\/api\/index\/hotels<\/a><\/code><\/p>\n<\/div>\n<div class=\"paragraph\">\n<p>E, supondo que um \u00edndice chamado \"hotels\" ainda n\u00e3o exista, voc\u00ea receber\u00e1 um 200, e isso no corpo da resposta:<\/p>\n<\/div>\n<div class=\"listingblock\">\n<div class=\"content\">\n<pre class=\"highlight decode:true\"><code class=\"language-JavaScript\">{\r\n  \"status\": \"ok\"\r\n}<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"sect1\">\n<h2 id=\"_using_the_fts_index\">Usando o \u00edndice FTS<\/h2>\n<div class=\"sectionbody\">\n<div class=\"paragraph\">\n<p>Em seguida, vamos usar a API REST para pesquisar no \u00edndice a palavra \"breakfast\" (caf\u00e9 da manh\u00e3).<\/p>\n<\/div>\n<div class=\"paragraph\">\n<p>Primeiro, fa\u00e7a um POST para o <code>\/api\/index\/hotels\/query<\/code> novamente com as credenciais e o n\u00famero da porta adequados.<\/p>\n<\/div>\n<div class=\"paragraph\">\n<p><code><a class=\"bare\" href=\"https:\/\/fts_admin:password@192.168.1.10:8094\/api\/index\/hotels\/query\">https:\/\/fts_admin:password@192.168.1.10:8094\/api\/index\/hotels\/query<\/a><\/code><\/p>\n<\/div>\n<div class=\"paragraph\">\n<p>ou<\/p>\n<\/div>\n<div class=\"paragraph\">\n<p><code><a class=\"bare\" href=\"https:\/\/fts_searcher:password@192.168.1.10:8094\/api\/index\/hotels\/query\">https:\/\/fts_searcher:password@192.168.1.10:8094\/api\/index\/hotels\/query<\/a><\/code><\/p>\n<\/div>\n<div class=\"paragraph\">\n<p>Ambos os usu\u00e1rios devem ser capazes de executar uma pesquisa usando esse \u00edndice.<\/p>\n<\/div>\n<div class=\"paragraph\">\n<p>Em seguida, no corpo do POST deve haver um objeto JSON simples. Novamente, voc\u00ea normalmente n\u00e3o precisa criar isso manualmente - o SDK de sua prefer\u00eancia ou a interface do usu\u00e1rio do console da Web pode fazer isso para voc\u00ea.<\/p>\n<\/div>\n<div class=\"listingblock\">\n<div class=\"content\">\n<pre class=\"highlight decode:true\"><code class=\"language-JavaScript\">{\r\n  \"explain\": true,\r\n  \"fields\": [\r\n    \"*\"\r\n  ],\r\n  \"highlight\": {},\r\n  \"query\": {\r\n    \"query\": \"breakfast\"\r\n  }\r\n}<\/code><\/pre>\n<\/div>\n<\/div>\n<div class=\"paragraph\">\n<p>Por fim, o resultado dessa solicita\u00e7\u00e3o de pesquisa ser\u00e1 uma grande resposta JSON. D\u00ea uma olhada nos \"hits\" <a href=\"https:\/\/www.couchbase.com\/blog\/pt\/subdoc-explained\/\">subdocumento<\/a> para \"fragmentos\" para verificar se a pesquisa funcionou. Aqui est\u00e1 um trecho da minha pesquisa por \"breakfast\" (caf\u00e9 da manh\u00e3). Novamente, o <a href=\"https:\/\/github.com\/couchbaselabs\/blog-source-code\/blob\/master\/Groves\/059SpockRBAC\/src\/searchresults.json\">O resultado completo est\u00e1 no Github<\/a>.<\/p>\n<\/div>\n<div class=\"listingblock\">\n<div class=\"content\">\n<pre class=\"highlight decode:true\"><code class=\"language-JavaScript\">\/\/ ... snip ...\r\n\r\n        \"reviews.content\": [\r\n          \"\u00e2\u20ac\u00a6 to watch TV. &lt;mark&gt;Breakfast&lt;\/mark&gt; was served every morning along with a copy of the Times-Picayune. I took my &lt;mark&gt;breakfast&lt;\/mark&gt; downstairs in the patio, the coffee was very good. The continental &lt;mark&gt;breakfast&lt;\/mark&gt; is nothing to\u00e2\u20ac\u00a6\"\r\n        ]\r\n      },\r\n\r\n\/\/ ... snip ...<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"sect1\">\n<h2 id=\"_this_is_a_preview_expect_some_bugs\">Esta \u00e9 uma pr\u00e9via, espere alguns bugs!<\/h2>\n<div class=\"sectionbody\">\n<div class=\"paragraph\">\n<p>H\u00e1 alguns bugs e alguns recursos incompletos.<\/p>\n<\/div>\n<div class=\"ulist\">\n<ul>\n<li>Mostrei as fun\u00e7\u00f5es do FTS aqui de prop\u00f3sito. Isso se deve ao fato de que as outras fun\u00e7\u00f5es ainda n\u00e3o est\u00e3o totalmente formadas. Experimente-as e diga-nos o que achou, mas lembre-se de que elas n\u00e3o est\u00e3o em sua forma final. A FTS est\u00e1 mais pr\u00f3xima de estar pronta.<\/li>\n<li>Vi alguns problemas quando fazer login como usu\u00e1rio n\u00e3o administrador faz com que o console da Web se comporte mal. Por esse motivo, mostrei o exemplo REST acima em vez de confiar na interface do usu\u00e1rio.<\/li>\n<li>Por fim, pode haver outros erros que ainda n\u00e3o conhecemos. Por favor, nos informe! Voc\u00ea pode registrar um problema em nosso <a href=\"https:\/\/issues.couchbase.com\">Sistema JIRA em issues.couchbase.com<\/a> ou envie uma pergunta no <a href=\"https:\/\/www.couchbase.com\/blog\/pt\/forums\/\">F\u00f3runs do Couchbase<\/a>. Ou entre em contato comigo com uma descri\u00e7\u00e3o do problema. Terei prazer em ajud\u00e1-lo ou enviar o bug para voc\u00ea (meus gerentes do Couchbase me enviam um bolo quando envio um bom bug).<\/li>\n<\/ul>\n<\/div>\n<div class=\"paragraph\">\n<p>Se tiver d\u00favidas, a melhor maneira de entrar em contato comigo \u00e9 <a href=\"https:\/\/twitter.com\/mgroves\">Twitter @mgroves<\/a> ou envie-me um e-mail <a href=\"mailto:matthew.groves@couchbase.com\">matthew.groves@couchbase.com<\/a>.<\/p>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>In March\u2019s developer build, you can start to see some major changes to authentication and authorization within Role Based Access Control (RBAC) coming to Couchbase Server. These changes are a work in progress: the developer build is essentially a nightly [&hellip;]<\/p>","protected":false},"author":71,"featured_media":10349,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[1816,1813],"tags":[1455,1456,1903],"ppma_author":[8937],"class_list":["post-2997","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-couchbase-server","category-security","tag-authentication","tag-authorization","tag-rbac"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v25.8 (Yoast SEO v25.8) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Authentication and Authorization with RBAC - The Couchbase Blog<\/title>\n<meta name=\"description\" content=\"In March&#039;s developer build, you can start to see some major changes to authentication and authorization within RBAC coming to Couchbase Server.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.couchbase.com\/blog\/pt\/authentication-authorization-rbac\/\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Authentication and Authorization with RBAC\" \/>\n<meta property=\"og:description\" content=\"In March&#039;s developer build, you can start to see some major changes to authentication and authorization within RBAC coming to Couchbase Server.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.couchbase.com\/blog\/pt\/authentication-authorization-rbac\/\" \/>\n<meta property=\"og:site_name\" content=\"The Couchbase Blog\" \/>\n<meta property=\"article:published_time\" content=\"2017-03-17T18:08:51+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-14T02:29:14+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2017\/11\/blogbanner-2.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1575\" \/>\n\t<meta property=\"og:image:height\" content=\"628\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Matthew Groves\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@mgroves\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Matthew Groves\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/authentication-authorization-rbac\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/authentication-authorization-rbac\/\"},\"author\":{\"name\":\"Matthew Groves\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/3929663e372020321b0152dc4fa65a58\"},\"headline\":\"Authentication and Authorization with RBAC\",\"datePublished\":\"2017-03-17T18:08:51+00:00\",\"dateModified\":\"2025-06-14T02:29:14+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/authentication-authorization-rbac\/\"},\"wordCount\":1303,\"commentCount\":5,\"publisher\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/authentication-authorization-rbac\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2017\/11\/blogbanner-2.jpg\",\"keywords\":[\"authentication\",\"authorization\",\"RBAC\"],\"articleSection\":[\"Couchbase Server\",\"Security\"],\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.couchbase.com\/blog\/authentication-authorization-rbac\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/authentication-authorization-rbac\/\",\"url\":\"https:\/\/www.couchbase.com\/blog\/authentication-authorization-rbac\/\",\"name\":\"Authentication and Authorization with RBAC - The Couchbase Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/authentication-authorization-rbac\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/authentication-authorization-rbac\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2017\/11\/blogbanner-2.jpg\",\"datePublished\":\"2017-03-17T18:08:51+00:00\",\"dateModified\":\"2025-06-14T02:29:14+00:00\",\"description\":\"In March's developer build, you can start to see some major changes to authentication and authorization within RBAC coming to Couchbase Server.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/authentication-authorization-rbac\/#breadcrumb\"},\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.couchbase.com\/blog\/authentication-authorization-rbac\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/authentication-authorization-rbac\/#primaryimage\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2017\/11\/blogbanner-2.jpg\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2017\/11\/blogbanner-2.jpg\",\"width\":1575,\"height\":628},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/authentication-authorization-rbac\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.couchbase.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Authentication and Authorization with RBAC\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#website\",\"url\":\"https:\/\/www.couchbase.com\/blog\/\",\"name\":\"The Couchbase Blog\",\"description\":\"Couchbase, the NoSQL Database\",\"publisher\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.couchbase.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\",\"name\":\"The Couchbase Blog\",\"url\":\"https:\/\/www.couchbase.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png\",\"width\":218,\"height\":34,\"caption\":\"The Couchbase Blog\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/3929663e372020321b0152dc4fa65a58\",\"name\":\"Matthew Groves\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/image\/ba51e6aacc53995c323a634e4502ef54\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/70feb1b28a099ad0112b8d21fe1e81e1a4524beed3e20b7f107d5370e85a07ab?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/70feb1b28a099ad0112b8d21fe1e81e1a4524beed3e20b7f107d5370e85a07ab?s=96&d=mm&r=g\",\"caption\":\"Matthew Groves\"},\"description\":\"Matthew D. Groves is a guy who loves to code. It doesn't matter if it's C#, jQuery, or PHP: he'll submit pull requests for anything. He has been coding professionally ever since he wrote a QuickBASIC point-of-sale app for his parent's pizza shop back in the 90s. He currently works as a Senior Product Marketing Manager for Couchbase. His free time is spent with his family, watching the Reds, and getting involved in the developer community. He is the author of AOP in .NET, Pro Microservices in .NET, a Pluralsight author, and a Microsoft MVP.\",\"sameAs\":[\"https:\/\/crosscuttingconcerns.com\",\"https:\/\/x.com\/mgroves\"],\"url\":\"https:\/\/www.couchbase.com\/blog\/pt\/author\/matthew-groves\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Authentication and Authorization with RBAC - The Couchbase Blog","description":"In March's developer build, you can start to see some major changes to authentication and authorization within RBAC coming to Couchbase Server.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.couchbase.com\/blog\/pt\/authentication-authorization-rbac\/","og_locale":"pt_BR","og_type":"article","og_title":"Authentication and Authorization with RBAC","og_description":"In March's developer build, you can start to see some major changes to authentication and authorization within RBAC coming to Couchbase Server.","og_url":"https:\/\/www.couchbase.com\/blog\/pt\/authentication-authorization-rbac\/","og_site_name":"The Couchbase Blog","article_published_time":"2017-03-17T18:08:51+00:00","article_modified_time":"2025-06-14T02:29:14+00:00","og_image":[{"width":1575,"height":628,"url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2017\/11\/blogbanner-2.jpg","type":"image\/jpeg"}],"author":"Matthew Groves","twitter_card":"summary_large_image","twitter_creator":"@mgroves","twitter_misc":{"Written by":"Matthew Groves","Est. reading time":"8 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.couchbase.com\/blog\/authentication-authorization-rbac\/#article","isPartOf":{"@id":"https:\/\/www.couchbase.com\/blog\/authentication-authorization-rbac\/"},"author":{"name":"Matthew Groves","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/3929663e372020321b0152dc4fa65a58"},"headline":"Authentication and Authorization with RBAC","datePublished":"2017-03-17T18:08:51+00:00","dateModified":"2025-06-14T02:29:14+00:00","mainEntityOfPage":{"@id":"https:\/\/www.couchbase.com\/blog\/authentication-authorization-rbac\/"},"wordCount":1303,"commentCount":5,"publisher":{"@id":"https:\/\/www.couchbase.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/authentication-authorization-rbac\/#primaryimage"},"thumbnailUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2017\/11\/blogbanner-2.jpg","keywords":["authentication","authorization","RBAC"],"articleSection":["Couchbase Server","Security"],"inLanguage":"pt-BR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.couchbase.com\/blog\/authentication-authorization-rbac\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.couchbase.com\/blog\/authentication-authorization-rbac\/","url":"https:\/\/www.couchbase.com\/blog\/authentication-authorization-rbac\/","name":"Authentication and Authorization with RBAC - The Couchbase Blog","isPartOf":{"@id":"https:\/\/www.couchbase.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.couchbase.com\/blog\/authentication-authorization-rbac\/#primaryimage"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/authentication-authorization-rbac\/#primaryimage"},"thumbnailUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2017\/11\/blogbanner-2.jpg","datePublished":"2017-03-17T18:08:51+00:00","dateModified":"2025-06-14T02:29:14+00:00","description":"In March's developer build, you can start to see some major changes to authentication and authorization within RBAC coming to Couchbase Server.","breadcrumb":{"@id":"https:\/\/www.couchbase.com\/blog\/authentication-authorization-rbac\/#breadcrumb"},"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.couchbase.com\/blog\/authentication-authorization-rbac\/"]}]},{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/www.couchbase.com\/blog\/authentication-authorization-rbac\/#primaryimage","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2017\/11\/blogbanner-2.jpg","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2017\/11\/blogbanner-2.jpg","width":1575,"height":628},{"@type":"BreadcrumbList","@id":"https:\/\/www.couchbase.com\/blog\/authentication-authorization-rbac\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.couchbase.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Authentication and Authorization with RBAC"}]},{"@type":"WebSite","@id":"https:\/\/www.couchbase.com\/blog\/#website","url":"https:\/\/www.couchbase.com\/blog\/","name":"Blog do Couchbase","description":"Couchbase, o banco de dados NoSQL","publisher":{"@id":"https:\/\/www.couchbase.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.couchbase.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/www.couchbase.com\/blog\/#organization","name":"Blog do Couchbase","url":"https:\/\/www.couchbase.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png","width":218,"height":34,"caption":"The Couchbase Blog"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/3929663e372020321b0152dc4fa65a58","name":"Matthew Groves","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/image\/ba51e6aacc53995c323a634e4502ef54","url":"https:\/\/secure.gravatar.com\/avatar\/70feb1b28a099ad0112b8d21fe1e81e1a4524beed3e20b7f107d5370e85a07ab?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/70feb1b28a099ad0112b8d21fe1e81e1a4524beed3e20b7f107d5370e85a07ab?s=96&d=mm&r=g","caption":"Matthew Groves"},"description":"Matthew D. Groves \u00e9 um cara que adora programar. N\u00e3o importa se \u00e9 C#, jQuery ou PHP: ele enviar\u00e1 solicita\u00e7\u00f5es de pull para qualquer coisa. Ele tem programado profissionalmente desde que escreveu um aplicativo de ponto de venda QuickBASIC para a pizzaria de seus pais nos anos 90. Atualmente, ele trabalha como gerente s\u00eanior de marketing de produtos da Couchbase. Seu tempo livre \u00e9 passado com a fam\u00edlia, assistindo aos Reds e participando da comunidade de desenvolvedores. Ele \u00e9 autor de AOP in .NET, Pro Microservices in .NET, autor da Pluralsight e Microsoft MVP.","sameAs":["https:\/\/crosscuttingconcerns.com","https:\/\/x.com\/mgroves"],"url":"https:\/\/www.couchbase.com\/blog\/pt\/author\/matthew-groves\/"}]}},"authors":[{"term_id":8937,"user_id":71,"is_guest":0,"slug":"matthew-groves","display_name":"Matthew Groves","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/70feb1b28a099ad0112b8d21fe1e81e1a4524beed3e20b7f107d5370e85a07ab?s=96&d=mm&r=g","author_category":"","last_name":"Groves","first_name":"Matthew","job_title":"","user_url":"https:\/\/crosscuttingconcerns.com","description":"Matthew D. Groves \u00e9 um cara que adora programar.  N\u00e3o importa se \u00e9 C#, jQuery ou PHP: ele enviar\u00e1 solicita\u00e7\u00f5es de pull para qualquer coisa.  Ele tem programado profissionalmente desde que escreveu um aplicativo de ponto de venda QuickBASIC para a pizzaria de seus pais nos anos 90.  Atualmente, ele trabalha como gerente s\u00eanior de marketing de produtos da Couchbase. Seu tempo livre \u00e9 passado com a fam\u00edlia, assistindo aos Reds e participando da comunidade de desenvolvedores.  Ele \u00e9 autor de AOP in .NET, Pro Microservices in .NET, autor da Pluralsight e Microsoft MVP."}],"_links":{"self":[{"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/posts\/2997","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/users\/71"}],"replies":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/comments?post=2997"}],"version-history":[{"count":0,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/posts\/2997\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/media\/10349"}],"wp:attachment":[{"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/media?parent=2997"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/categories?post=2997"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/tags?post=2997"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/ppma_author?post=2997"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}