{"id":9670,"date":"2021-08-05T00:00:39","date_gmt":"2021-08-05T07:00:39","guid":{"rendered":"https:\/\/www.couchbase.com\/blog\/?p=9670"},"modified":"2025-06-13T19:27:03","modified_gmt":"2025-06-14T02:27:03","slug":"introducing-rbac-security-for-collections","status":"publish","type":"post","link":"https:\/\/www.couchbase.com\/blog\/pt\/introducing-rbac-security-for-collections\/","title":{"rendered":"Apresentando a seguran\u00e7a de controle de acesso com base em fun\u00e7\u00e3o (RBAC) para cole\u00e7\u00f5es no Couchbase 7.0"},"content":{"rendered":"<p><strong>Seus dados no Couchbase acabaram de ficar mais seguros.<\/strong> <\/p>\n<p>O Couchbase Server 7.0 introduziu Scopes e Collections para mapear melhor os modelos de dados relacionais e NoSQL. Mas a vers\u00e3o 7.0 tamb\u00e9m inclui alguns aprimoramentos adicionais para refor\u00e7ar a seguran\u00e7a do <a href=\"https:\/\/www.couchbase.com\/blog\/pt\/products\/capella\/\" rel=\"noopener\" target=\"_blank\">a plataforma de dados<\/a>. Mais especificamente, a seguran\u00e7a de controle de acesso baseado em fun\u00e7\u00e3o (RBAC) agora \u00e9 suportada no n\u00edvel de escopos e cole\u00e7\u00f5es individuais.  <\/p>\n<p>O que tudo isso significa para suas implementa\u00e7\u00f5es do Couchbase? Vamos nos aprofundar.<\/p>\n<h2>Fun\u00e7\u00f5es de seguran\u00e7a RBAC existentes no Couchbase<\/h2>\n<p>O Couchbase Server permitiu controles refinados do acesso do usu\u00e1rio \u00e0 plataforma com seguran\u00e7a de controle de acesso baseado em fun\u00e7\u00e3o (RBAC) <a href=\"https:\/\/www.couchbase.com\/blog\/pt\/administrative-role-based-access-control-in-4-5\/?ref=blog\" rel=\"noopener\" target=\"_blank\">para administradores desde a vers\u00e3o 4.5<\/a> e para <a href=\"https:\/\/www.couchbase.com\/blog\/pt\/secure-nosql-data-couchbase-role-based-access-control\/?ref=blog\" rel=\"noopener\" target=\"_blank\">todos os usu\u00e1rios desde a vers\u00e3o 5.0<\/a>. As Couchbase Collections foram introduzidas como um recurso de visualiza\u00e7\u00e3o para desenvolvedores no Couchbase Server 6.5 e s\u00e3o <a href=\"https:\/\/www.couchbase.com\/blog\/pt\/couchbase-server-7-0-release\/?ref=blog\" rel=\"noopener\" target=\"_blank\">agora com suporte total no Couchbase Server 7.0<\/a>. <\/p>\n<p>Couchbase <a href=\"https:\/\/docs.couchbase.com\/server\/current\/learn\/security\/roles.html?ref=blog\" rel=\"noopener\" target=\"_blank\">Fun\u00e7\u00f5es de seguran\u00e7a RBAC<\/a> foram divididos anteriormente em duas categorias:<\/p>\n<ul>\n<ul>\n<li><strong>Administra\u00e7\u00e3o e global:<\/strong> Essas fun\u00e7\u00f5es est\u00e3o associadas a privil\u00e9gios em todo o cluster. Algumas dessas fun\u00e7\u00f5es s\u00e3o para administradores que podem gerenciar as configura\u00e7\u00f5es do cluster, ler estat\u00edsticas ou refor\u00e7ar a seguran\u00e7a. Outras s\u00e3o para usu\u00e1rios e aplicativos definidos pelo usu\u00e1rio que exigem acesso a recursos espec\u00edficos de todo o cluster.<\/li>\n<li><strong>Por balde:<\/strong> Essas fun\u00e7\u00f5es est\u00e3o associadas a um ou mais Buckets e suportam a leitura e a grava\u00e7\u00e3o das configura\u00e7\u00f5es do Bucket, o acesso aos dados e o gerenciamento de servi\u00e7os, \u00edndices e procedimentos de replica\u00e7\u00e3o.<\/li>\n<\/ul>\n<\/ul>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<h2>Um exemplo de RBAC usando escopos e cole\u00e7\u00f5es<\/h2>\n<p>Por exemplo, voc\u00ea pode ter concedido acesso de leitura a um Bucket chamado <code>Viagens<\/code> para um mecanismo de busca de hot\u00e9is confi\u00e1vel chamado Acme Co. com um usu\u00e1rio chamado <code>acme<\/code> usando um comando como este na interface de linha de comando de um cluster baseado em Linux. (Talvez seja necess\u00e1rio ajustar os caminhos se estiver usando outra plataforma).<\/p>\n<pre>\r\n\/opt\/couchbase\/bin\/couchbase-cli user-manage -c localhost:8091  -u Administrator  -p password \\\r\n --set --rbac-username acme --rbac-password cbpass7beta  --rbac-name \"Acme Co. (Hotel)\" \\\r\n --roles data_reader[Travel] --auth-domain local\r\n<\/pre>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<p>Isso permitiria que seu parceiro de pesquisa de hot\u00e9is, a Acme Co., acessasse todos os dados que sua empresa est\u00e1 armazenando no <code>Viagens<\/code> Bucket do Couchbase. Isso pode incluir pedidos, invent\u00e1rio e outros dados n\u00e3o apenas de hot\u00e9is, mas tamb\u00e9m de companhias a\u00e9reas e outros produtos de viagem. Seguindo o princ\u00edpio do menor privil\u00e9gio, e se quis\u00e9ssemos limitar os dados aos quais a Acme Co. tem acesso, em vez de permitir o acesso a <em>todos<\/em> dados de viagem em nossa empresa?<\/p>\n<p>As cole\u00e7\u00f5es permitem que os documentos JSON em um Bucket do Couchbase sejam organizados, primeiro em Escopos, em que um Escopo \u00e9 semelhante a um esquema em um banco de dados relacional (RDBMS). Em seguida, o escopo \u00e9 subdividido em cole\u00e7\u00f5es individuais, de forma semelhante \u00e0 estrutura\u00e7\u00e3o de uma tabela em um banco de dados relacional tradicional. <\/p>\n<p>O espa\u00e7o de nomes em cada escopo \u00e9 independente dos outros, portanto, voc\u00ea pode ter os mesmos nomes de cole\u00e7\u00e3o em escopos diferentes. Da mesma forma, as chaves de documentos precisam ser exclusivas apenas em uma cole\u00e7\u00e3o e, portanto, documentos com a mesma chave podem existir em diferentes cole\u00e7\u00f5es. <\/p>\n<p>Antes da introdu\u00e7\u00e3o de escopos e cole\u00e7\u00f5es, era comum organizar os documentos do Couchbase com base em prefixos-chave, como <code>Orders::Europe::Customer1<\/code>. As cole\u00e7\u00f5es oferecem muito mais flexibilidade nas chaves de documentos do que as dispon\u00edveis anteriormente.<\/p>\n<p>Abaixo est\u00e1 um diagrama visual da rela\u00e7\u00e3o entre Buckets, Scopes e Collections para um exemplo de conjunto de dados de viagens. <\/p>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<p><a href=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2020\/11\/CollectionsDiagram.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-large wp-image-9739\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2020\/11\/CollectionsDiagram-1024x599.png\" alt=\"Buckets, Scopes and Collections within Couchbase\" width=\"900\" height=\"526\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsDiagram-1024x599.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsDiagram-300x176.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsDiagram-768x449.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsDiagram-20x12.png 20w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsDiagram.png 1080w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/a><\/p>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<p>Para atualiza\u00e7\u00f5es cont\u00ednuas e para compatibilidade com vers\u00f5es anteriores, cada Bucket agora tem um <code>Padr\u00e3o<\/code> Escopo e o <code>Padr\u00e3o<\/code> O escopo tem um <code>Padr\u00e3o<\/code> Cole\u00e7\u00e3o. A <code>Padr\u00e3o<\/code> A cole\u00e7\u00e3o oferece compatibilidade com vers\u00f5es anteriores e uma refer\u00eancia direta ao Bucket mapeia automaticamente para a cole\u00e7\u00e3o <code>Padr\u00e3o<\/code> Cole\u00e7\u00e3o. Al\u00e9m disso, na atualiza\u00e7\u00e3o, todos os dados existentes s\u00e3o automaticamente adicionados \u00e0 <code>Padr\u00e3o<\/code> Cole\u00e7\u00e3o. <\/p>\n<p>Enquanto o <code>Padr\u00e3o<\/code> A cole\u00e7\u00e3o \u00e9 fornecida como um mecanismo de compatibilidade com vers\u00f5es anteriores; novos aplicativos devem ser escritos usando cole\u00e7\u00f5es nomeadas. Como voc\u00ea pode ver, as cole\u00e7\u00f5es permitem op\u00e7\u00f5es adicionais para organizar os dados em um <a href=\"https:\/\/www.couchbase.com\/blog\/pt\/products\/server\/?ref=blog\" rel=\"noopener\" target=\"_blank\">Servidor Couchbase<\/a> agrupamento.<\/p>\n<p>Voltando ao exemplo acima, e se quis\u00e9ssemos permitir que a Acme Co. visse apenas os dados do hotel, em vez de todos os dados de viagem da empresa? Com o Collections, agora voc\u00ea pode limitar os limites de acesso da Acme apenas ao escopo de sua escolha. <\/p>\n<p>Por exemplo, se a Acme Co. precisasse verificar o invent\u00e1rio de quartos de hotel dispon\u00edveis, poder\u00edamos restringir sua fun\u00e7\u00e3o RBAC para <code>Hotel<\/code> Cole\u00e7\u00e3o dentro do <code>Invent\u00e1rio<\/code> Escopo dentro do <code>Viagens<\/code> Balde.<\/p>\n<h2>Explica\u00e7\u00e3o da seguran\u00e7a de controle de acesso baseado em fun\u00e7\u00e3o (RBAC)<\/h2>\n<p>Como os escopos e as cole\u00e7\u00f5es funcionam com o controle de acesso baseado em fun\u00e7\u00e3o no banco de dados? <\/p>\n<p>Um usu\u00e1rio que tem acesso a um Bucket herda o acesso aos Escopos e Cole\u00e7\u00f5es filhos desse Bucket. Da mesma forma, um usu\u00e1rio que tem acesso a um escopo herda o acesso \u00e0s cole\u00e7\u00f5es filhas, mas n\u00e3o ao bucket pai. <\/p>\n<p>Veja a seguir um detalhamento de como a nova seguran\u00e7a baseada em fun\u00e7\u00e3o funciona com o Collections:<\/p>\n<table>\n<tbody>\n<tr>\n<td><strong>Fun\u00e7\u00e3o<\/strong><\/td>\n<td><strong>Descri\u00e7\u00e3o<\/strong><\/td>\n<\/tr>\n<tr>\n<td><code>leitor_de_dados[*]<\/code><\/td>\n<td>Pode ler dados em cada Bucket, incluindo cada Escopo e Cole\u00e7\u00e3o, em todo o cluster.<\/td>\n<\/tr>\n<tr>\n<td><code>leitor_de_dados[foo]<\/code><\/td>\n<td>Pode ler dados em todos os escopos e cole\u00e7\u00f5es somente dentro do Bucket <code>foo<\/code>.<\/td>\n<\/tr>\n<tr>\n<td><code>leitor_de_dados[foo:bar]<\/code><\/td>\n<td>Pode ler dados em todas as cole\u00e7\u00f5es dentro do escopo <strong>bar<\/strong> da ca\u00e7amba <code>foo<\/code>.<\/td>\n<\/tr>\n<tr>\n<td><code>leitor_de_dados[foo:bar:baz]<\/code><\/td>\n<td>Pode ler dados somente na cole\u00e7\u00e3o <em>baz<\/em> que est\u00e1 localizado no escopo <strong>bar<\/strong> da ca\u00e7amba <code>foo<\/code>.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<a href=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2020\/11\/CollectionsRBAC-example1.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2020\/11\/CollectionsRBAC-example1-1024x580.png\" alt=\"Role-based access control on Couchbase Scopes and Collections Example\" width=\"900\" height=\"510\" class=\"aligncenter size-large wp-image-9737\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-example1-1024x580.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-example1-300x170.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-example1-768x435.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-example1-20x11.png 20w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-example1.png 1084w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/a>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<a href=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2020\/11\/CollectionsRBAC-example2.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2020\/11\/CollectionsRBAC-example2-1024x527.png\" alt=\"An example of RBAC security on Scopes and Collections in Couchbase\" width=\"900\" height=\"463\" class=\"aligncenter size-large wp-image-9738\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-example2-1024x527.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-example2-300x154.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-example2-768x395.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-example2-20x10.png 20w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-example2.png 1080w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/a>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<p>Para a Acme Co, o comando CLI \u00e9 semelhante ao exemplo anterior, mas, em vez de definir o RBAC para um Bucket, voc\u00ea precisa ajust\u00e1-lo para permitir apenas um \u00fanico Escopo e\/ou Cole\u00e7\u00e3o.<\/p>\n<p>Em nosso exemplo acima, queremos permitir que o <code>acme<\/code> acesso do usu\u00e1rio ao <code>Hotel<\/code> Cole\u00e7\u00e3o dentro do <code>Invent\u00e1rio<\/code> Escopo, portanto, nesse caso, a fun\u00e7\u00e3o seria <code>data_reader[Travel:Inventory:Hotel]<\/code>.<\/p>\n<pre>\r\n\/opt\/couchbase\/bin\/couchbase-cli user-manage -c localhost:8091 -u Administrator  -p password \\\r\n --set --rbac-username acme --rbac-password cbpass7beta --rbac-name \"Acme Co. (Hotel)\" \\\r\n --roles data_reader[Travel:Inventory:Hotel] --auth-domain local\r\n<\/pre>\n<p>Voc\u00ea deve estar se perguntando: quais fun\u00e7\u00f5es de acesso de usu\u00e1rio podem ter um escopo e uma cole\u00e7\u00e3o definidos? Aqui est\u00e1 a lista completa:<\/p>\n<ul><\/ul>\n<li>Acesso a aplicativos<\/li>\n<li>Leitor de dados<\/li>\n<li>Gravador de dados<\/li>\n<li>Leitor de dados DCP<\/li>\n<li>Monitoramento de dados<\/li>\n<li>Leitor de pesquisa de texto completo (FTS)<\/li>\n<li>Sele\u00e7\u00e3o de consulta<\/li>\n<li>Atualiza\u00e7\u00e3o da consulta<\/li>\n<li>Inser\u00e7\u00e3o de consulta<\/li>\n<li>Consulta Excluir<\/li>\n<li>Consulta Gerenciar \u00edndice<\/li>\n<li>Sele\u00e7\u00e3o de an\u00e1lise<\/li>\n<li>Tamb\u00e9m adicionamos uma fun\u00e7\u00e3o Manage Collections in Scope (Gerenciar cole\u00e7\u00f5es no escopo) para permitir que um usu\u00e1rio adicione e remova cole\u00e7\u00f5es em um escopo espec\u00edfico em um Bucket.<\/li>\n<\/ul>\n<\/ul>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<h2>Um exemplo pr\u00e1tico de seguran\u00e7a RBAC com o Couchbase Server 7.0<\/h2>\n<p>Agora, vamos a mais alguns exemplos pr\u00e1ticos que voc\u00ea pode <a href=\"https:\/\/www.couchbase.com\/blog\/pt\/downloads\/?ref=blog\" rel=\"noopener\" target=\"_blank\">experimente voc\u00ea mesmo no Couchbase Server 7.0<\/a>. Como antes, estou usando um cluster baseado em Linux, portanto, talvez seja necess\u00e1rio ajustar os caminhos se estiver usando outra plataforma. Voc\u00ea precisar\u00e1 executar os servi\u00e7os de dados, consulta e \u00edndice do Couchbase para este exemplo.<\/p>\n<p>Primeiro, carregue o <code>amostra de viagem<\/code> Bucket em seu cluster. <\/p>\n<pre>\r\ncurl -X POST -u Administrator:password https:\/\/localhost:8091\/sampleBuckets\/install -d '[\"travel-sample\"]'\r\n[]\r\n<\/pre>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<p>Em seguida, crie algumas cole\u00e7\u00f5es adicionais no Bucket. Usaremos o <code>Padr\u00e3o<\/code> Escopo. Voc\u00ea precisar\u00e1 usar um usu\u00e1rio administrador do Bucket (ou privil\u00e9gios superiores) para criar as novas cole\u00e7\u00f5es. <\/p>\n<pre>\r\n$ \/opt\/couchbase\/bin\/couchbase-cli collection-manage --create-collection _default.hotel -c localhost \\\r\n -u Administrator -p password --bucket travel-sample\r\n<\/pre>\n<pre>\r\nSUCCESS: Collection created\r\n<\/pre>\n<pre>\r\n$ \/opt\/couchbase\/bin\/couchbase-cli collection-manage --create-collection _default.airport -c localhost \\\r\n-u Administrator -p password --bucket travel-sample\r\n<\/pre>\n<pre>\r\nSUCCESS: Collection created\r\n<\/pre>\n<pre>\r\n$ \/opt\/couchbase\/bin\/couchbase-cli collection-manage --create-collection _default.airline -c localhost \\\r\n-u Administrator -p password --bucket travel-sample\r\n<\/pre>\n<pre>\r\nSUCCESS: Collection created\r\n<\/pre>\n<pre>\r\n$ \/opt\/couchbase\/bin\/couchbase-cli collection-manage --create-collection _default.landmark -c localhost \\\r\n -u Administrator -p password --bucket travel-sample\r\n<\/pre>\n<pre>\r\nSUCCESS: Collection created\r\n<\/pre>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<p>Voc\u00ea tamb\u00e9m pode ver essas cole\u00e7\u00f5es na interface do usu\u00e1rio da Web do Couchbase Server, conforme mostrado abaixo.<\/p>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<div id=\"attachment_9676\" style=\"width: 910px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2020\/11\/CollectionsRBAC-02.png\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-9676\" class=\"wp-image-9676 size-large\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2020\/11\/CollectionsRBAC-02-1024x564.png\" alt=\"Screenshot of Couchbase Server 7.0 Buckets\" width=\"900\" height=\"496\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-02-1024x564.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-02-300x165.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-02-768x423.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-02-20x11.png 20w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-02.png 1246w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/a><p id=\"caption-attachment-9676\" class=\"wp-caption-text\">A visualiza\u00e7\u00e3o do Bucket no Couchbase Server 7.0<\/p><\/div>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<div id=\"attachment_9677\" style=\"width: 910px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2020\/11\/CollectionsRBAC-03.png\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-9677\" class=\"wp-image-9677 size-large\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2020\/11\/CollectionsRBAC-03-1024x561.png\" alt=\"Couchbase Server 7.0 Scopes and Collections Screenshot\" width=\"900\" height=\"493\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-03-1024x561.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-03-300x164.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-03-768x421.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-03-20x11.png 20w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-03.png 1244w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/a><p id=\"caption-attachment-9677\" class=\"wp-caption-text\">A visualiza\u00e7\u00e3o Escopos e cole\u00e7\u00f5es no Couchbase Server 7.0<\/p><\/div>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<p>Em seguida, carregaremos dados em cada uma das cole\u00e7\u00f5es com base em um campo que j\u00e1 existe nos documentos, chamado <code>tipo<\/code>. O documento <code>tipo<\/code> corresponde \u00e0s novas cole\u00e7\u00f5es que acabamos de criar. Os dados s\u00e3o copiados para a cole\u00e7\u00e3o usando <a href=\"https:\/\/www.couchbase.com\/blog\/pt\/products\/n1ql\/?ref=blog\" rel=\"noopener\" target=\"_blank\">a linguagem de consulta N1QL<\/a> na linha de comando. <strong>Observa\u00e7\u00e3o:<\/strong> Precisamos ter o cuidado de escapar dos caracteres que o shell tentaria executar, como os backticks.<\/p>\n<p>Se voc\u00ea tiver algum problema com a formata\u00e7\u00e3o ou com a execu\u00e7\u00e3o do comando, aqui est\u00e1 uma imagem de exemplo de como o comando deve ser. <\/p>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<p><a href=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2020\/11\/Screenshot-N1QL-HotelCollectionPopulate.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-9814\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2020\/11\/Screenshot-N1QL-HotelCollectionPopulate.png\" alt=\"Screenshot of N1QL query for Hotel Collection Populate\" width=\"1500\" height=\"74\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/Screenshot-N1QL-HotelCollectionPopulate.png 1500w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/Screenshot-N1QL-HotelCollectionPopulate-300x15.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/Screenshot-N1QL-HotelCollectionPopulate-1024x51.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/Screenshot-N1QL-HotelCollectionPopulate-768x38.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/Screenshot-N1QL-HotelCollectionPopulate-20x1.png 20w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/Screenshot-N1QL-HotelCollectionPopulate-1320x65.png 1320w\" sizes=\"auto, (max-width: 1500px) 100vw, 1500px\" \/><\/a><\/p>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<pre>\r\n\/opt\/couchbase\/bin\/cbq -u=Administrator -p=password --script=\\\r\n\"INSERT INTO \\\\`travel-sample\\\\`._default.hotel (KEY _key, VALUE _value)\\\r\n SELECT meta().id _key, _value FROM \\\\`travel-sample\\\\` _value WHERE type='hotel'\"\r\n<\/pre>\n<pre>\r\n\/opt\/couchbase\/bin\/cbq -u=Administrator -p=password --script=\\\r\n\"INSERT INTO \\\\`travel-sample\\\\`._default.airport (KEY _key, VALUE _value)\\\r\n SELECT meta().id _key, _value FROM \\\\`travel-sample\\\\` _value WHERE type='airport'\"\r\n<\/pre>\n<pre>\r\n\/opt\/couchbase\/bin\/cbq -u=Administrator -p=password --script=\\\r\n\"INSERT INTO \\\\`travel-sample\\\\`._default.airline (KEY _key, VALUE _value)\\\r\n SELECT meta().id _key, _value FROM \\\\`travel-sample\\\\` _value WHERE type='airline'\"\r\n<\/pre>\n<pre>\r\n\/opt\/couchbase\/bin\/cbq -u=Administrator -p=password --script=\\\r\n\"INSERT INTO \\\\`travel-sample\\\\`._default.landmark (KEY _key, VALUE _value)\\\r\n SELECT meta().id _key, _value FROM \\\\`travel-sample\\\\` _value WHERE type='landmark'\"\r\n<\/pre>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<p>Vamos criar um \u00edndice prim\u00e1rio no <code>hotel<\/code> Cole\u00e7\u00e3o como administrador:<\/p>\n<pre>\r\n\/opt\/couchbase\/bin\/cbq -u=Administrator -p=password --script=\\\r\n\"CREATE PRIMARY INDEX \\`hotel-primary\\` ON \\\\`travel-sample\\\\`._default.hotel\"\r\n<\/pre>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<p>Agora, vamos obter uma lista de todos os usu\u00e1rios e fun\u00e7\u00f5es:<\/p>\n<pre>\r\n\/opt\/couchbase\/bin\/couchbase-cli user-manage -c localhost:8091 -u Administrator -p password --list\r\n<\/pre>\n<pre>\r\n[]\r\n<\/pre>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<p>Como voc\u00ea pode ver acima, no momento temos apenas o administrador interno e nenhum usu\u00e1rio adicional. Portanto, a sa\u00edda do comando est\u00e1 vazia, como esperado. <\/p>\n<p>Em seguida, vamos criar um usu\u00e1rio, John Doe. Daremos a John uma fun\u00e7\u00e3o de leitor de dados e uma fun\u00e7\u00e3o de sele\u00e7\u00e3o de consulta na tabela <code>hotel<\/code> Cole\u00e7\u00e3o, que est\u00e1 localizada no <code>Padr\u00e3o<\/code> Escopo.<\/p>\n<pre>\r\n\/opt\/couchbase\/bin\/couchbase-cli user-manage -c localhost:8091 -u Administrator  -p password \\\r\n--set --rbac-username jdoe --rbac-password cbpass7beta  --rbac-name \"John Doe\" \\\r\n--roles data_reader[travel-sample:_default:hotel],query_select[travel-sample:_default:hotel]  \\\r\n--auth-domain local\r\n<\/pre>\n<pre>\r\nSUCCESS: User jdoe set\r\n<\/pre>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<p>Novamente, voc\u00ea tamb\u00e9m pode fazer isso na interface do usu\u00e1rio da Web.<\/p>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<div id=\"attachment_9678\" style=\"width: 910px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2020\/11\/CollectionsRBAC-04.png\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-9678\" class=\"wp-image-9678 size-large\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2020\/11\/CollectionsRBAC-04-1024x362.png\" alt=\"Couchbase Server 7.0 screenshot of user roles\" width=\"900\" height=\"318\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-04-1024x362.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-04-300x106.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-04-768x271.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-04-20x7.png 20w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-04.png 1246w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/a><p id=\"caption-attachment-9678\" class=\"wp-caption-text\">Fun\u00e7\u00f5es de usu\u00e1rio RBAC no Couchbase Server 7.0<\/p><\/div>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<p>Em seguida, verificamos se John Doe tem as permiss\u00f5es espec\u00edficas para o <code>hotel<\/code> Cole\u00e7\u00e3o. Quando John tenta ler todo o Bucket de amostras de viagem, ele recebe um erro de permiss\u00e3o negada.<\/p>\n<pre>\r\n\/opt\/couchbase\/bin\/couchbase-cli user-manage -c localhost:8091 -u Administrator -p password --list\r\n<\/pre>\n<pre>\r\n\/opt\/couchbase\/bin\/cbq -u=jdoe -p=cbpass7beta --script=\\\r\n\"SELECT type, name, hotel.country FROM \\\\`travel-sample\\\\` LIMIT 5;\"\r\n<\/pre>\n<pre>\r\nSELECT type, name, hotel.country FROM `travel-sample` LIMIT 5;\r\n\r\n{\r\n....\r\n    \"results\": [\r\n\r\n    ],\r\n\r\n    \"errors\": [\r\n\r\n        {\r\n\r\n            \"code\": 13014,\r\n\r\n            \"msg\": \"User does not have credentials to run SELECT queries on default:travel-sample. Add role query_select on default:travel-sample to allow the query to run.\"\r\n\r\n        }\r\n\r\n    ],\r\n\r\n    \"status\": \"fatal\",\r\n    \u2026\r\n<\/pre>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<p>Desta vez, como John, vamos selecionar cinco hot\u00e9is apenas da <code>hotel<\/code> Cole\u00e7\u00e3o do <code>amostra de viagem<\/code> Bucket, que John <em>faz<\/em> ter acesso a.<\/p>\n<pre>\r\n\/opt\/couchbase\/bin\/cbq -u=jdoe -p=cbpass7beta --script=\\\r\n\"SELECT type, name, hotel.country FROM \\\\`travel-sample\\\\`._default.hotel LIMIT 5;\"\r\n<\/pre>\n<pre> \r\n SELECT type, name, hotel.country FROM `travel-sample`._default.hotel LIMIT 5;\r\n{\r\n    \"requestID\": \"3cdc2fa8-b0cf-411a-a325-a1534280087a\",\r\n    \"signature\": {\r\n        \"country\": \"json\",\r\n        \"name\": \"json\",\r\n        \"type\": \"json\"\r\n    },\r\n    \"results\": [\r\n    {\r\n        \"country\": \"United Kingdom\",\r\n        \"name\": \"Medway Youth Hostel\",\r\n        \"type\": \"hotel\"\r\n    },\r\n    {\r\n        \"country\": \"United Kingdom\",\r\n        \"name\": \"The Balmoral Guesthouse\",\r\n        \"type\": \"hotel\"\r\n    },\r\n    {\r\n        \"country\": \"France\",\r\n        \"name\": \"The Robins\",\r\n        \"type\": \"hotel\"\r\n    },\r\n    {\r\n        \"country\": \"France\",\r\n        \"name\": \"Le Clos Fleuri\",\r\n        \"type\": \"hotel\"\r\n    },\r\n    {\r\n        \"country\": \"United Kingdom\",\r\n        \"name\": \"Glasgow Grand Central\",\r\n        \"type\": \"hotel\"\r\n    }\r\n    ],\r\n    \"status\": \"success\",\r\n...\r\n}\r\n<\/pre>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<p>Como mostrado nos exemplos acima, voc\u00ea pode qualificar uma fun\u00e7\u00e3o Data Reader e Query Select com um confinamento Scope e Collection. <\/p>\n<p>Divirta-se e proteja suas cole\u00e7\u00f5es com nossa nova funcionalidade de controle de acesso baseado em fun\u00e7\u00f5es!<\/p>\n<h2>Mais recursos sobre a vers\u00e3o 7.0 do Couchbase<\/h3>\n<ul>\n<ul>\n<li><a href=\"https:\/\/docs.couchbase.com\/server\/7.0\/introduction\/whats-new.html?ref=blog\" rel=\"noopener\" target=\"_blank\">O que h\u00e1 de novo no Couchbase Server 7.0<\/a><\/li>\n<li><a href=\"https:\/\/docs.couchbase.com\/server\/7.0\/release-notes\/relnotes.html?ref=blog\" rel=\"noopener\" target=\"_blank\">Notas de vers\u00e3o do Couchbase 7.0<\/a><\/li>\n<li><a href=\"https:\/\/www.couchbase.com\/blog\/pt\/scopes-and-collections-for-modern-multi-tenant-applications-couchbase-7-0\/?ref=blog\" rel=\"noopener\" target=\"_blank\">Como os escopos e cole\u00e7\u00f5es simplificam as implementa\u00e7\u00f5es de aplicativos multilocat\u00e1rios no Couchbase<\/a><\/li>\n<li>O suporte ao cliente do Enterprise Edition est\u00e1 dispon\u00edvel por meio de seus canais de suporte regulares. <a href=\"https:\/\/www.couchbase.com\/blog\/pt\/forums\/?ref=blog\" rel=\"noopener\" target=\"_blank\">O suporte da comunidade est\u00e1 dispon\u00edvel nos f\u00f3runs do Couchbase<\/a><\/li>\n<\/ul>\n<\/ul>\n<div class=\"wp-block-spacer\" style=\"height: 30px\" aria-hidden=\"true\"> <\/div>\n<div style=\"text-align:center\"><strong>Deseja experimentar voc\u00ea mesmo a seguran\u00e7a RBAC no Couchbase?<br \/>\n<a href=\"https:\/\/www.couchbase.com\/blog\/pt\/downloads\/?ref=blog\" rel=\"noopener\" target=\"_blank\">D\u00ea uma olhada no Couchbase hoje mesmo<\/a><\/strong><\/div>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<p>&nbsp;<br \/>\n&nbsp;<br \/>\n&nbsp;<\/p>","protected":false},"excerpt":{"rendered":"<p>Your data in Couchbase just got more secure. Couchbase Server 7.0 introduced Scopes and Collections to better map between relational and NoSQL data models. But the 7.0 release also includes some additional enhancements to strengthen the security of the data [&hellip;]<\/p>","protected":false},"author":1864,"featured_media":11668,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[1816,9336,1813,1812],"tags":[1261,1725,1903,1385,9301,1962],"ppma_author":[8928],"class_list":["post-9670","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-couchbase-server","category-scopes-and-collections","category-security","category-n1ql-query","tag-json","tag-nosql-database","tag-rbac","tag-rdbms","tag-relational-database","tag-role-based-access-control"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.5 (Yoast SEO v26.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Introducing Role-Based Access Control (RBAC) Security for Collections in Couchbase 7.0<\/title>\n<meta name=\"description\" content=\"Learn how role-based access control, or RBAC Security in the database, has been expanded for Scopes and Collections in the Couchbase Server 7.0 release.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.couchbase.com\/blog\/pt\/introducing-rbac-security-for-collections\/\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Introducing Role-Based Access Control (RBAC) Security for Collections in Couchbase 7.0\" \/>\n<meta property=\"og:description\" content=\"Learn how role-based access control, or RBAC Security in the database, has been expanded for Scopes and Collections in the Couchbase Server 7.0 release.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.couchbase.com\/blog\/pt\/introducing-rbac-security-for-collections\/\" \/>\n<meta property=\"og:site_name\" content=\"The Couchbase Blog\" \/>\n<meta property=\"article:published_time\" content=\"2021-08-05T07:00:39+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-14T02:27:03+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/Introducing-RBAC-Security-for-Collections.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"627\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Ian McCloy, Director Product Management\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/role-based-access-control-rbac-couchbase-scopes-collections-social.jpeg\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ian McCloy, Director Product Management\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/\"},\"author\":{\"name\":\"Ian McCloy, Director Product Management, Couchbase\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/7e8c834bce5128ad6cd764cd1c4cea19\"},\"headline\":\"Introducing Role-Based Access Control (RBAC) Security for Collections in Couchbase 7.0\",\"datePublished\":\"2021-08-05T07:00:39+00:00\",\"dateModified\":\"2025-06-14T02:27:03+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/\"},\"wordCount\":1433,\"commentCount\":3,\"publisher\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/role-based-access-control-rbac-couchbase-scopes-collections.jpeg\",\"keywords\":[\"JSON\",\"NoSQL Database\",\"RBAC\",\"RDBMS\",\"relational database\",\"Role Based Access Control (RBAC)\"],\"articleSection\":[\"Couchbase Server\",\"Scopes and Collections\",\"Security\",\"SQL++ \/ N1QL Query\"],\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/\",\"url\":\"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/\",\"name\":\"Introducing Role-Based Access Control (RBAC) Security for Collections in Couchbase 7.0\",\"isPartOf\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/role-based-access-control-rbac-couchbase-scopes-collections.jpeg\",\"datePublished\":\"2021-08-05T07:00:39+00:00\",\"dateModified\":\"2025-06-14T02:27:03+00:00\",\"description\":\"Learn how role-based access control, or RBAC Security in the database, has been expanded for Scopes and Collections in the Couchbase Server 7.0 release.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/#breadcrumb\"},\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/#primaryimage\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/role-based-access-control-rbac-couchbase-scopes-collections.jpeg\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/role-based-access-control-rbac-couchbase-scopes-collections.jpeg\",\"width\":1200,\"height\":628,\"caption\":\"Learn how role-based access control has expanded for Scopes and Collections in Couchbase Server 7.0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.couchbase.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Introducing Role-Based Access Control (RBAC) Security for Collections in Couchbase 7.0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#website\",\"url\":\"https:\/\/www.couchbase.com\/blog\/\",\"name\":\"The Couchbase Blog\",\"description\":\"Couchbase, the NoSQL Database\",\"publisher\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.couchbase.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\",\"name\":\"The Couchbase Blog\",\"url\":\"https:\/\/www.couchbase.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png\",\"width\":218,\"height\":34,\"caption\":\"The Couchbase Blog\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/7e8c834bce5128ad6cd764cd1c4cea19\",\"name\":\"Ian McCloy, Director Product Management, Couchbase\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/image\/97dd714a3242521ce9dcea0d96550c5f\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/41f65bee70b5e03e46ae996303a13060d366d405ecb235ff5493d4f1ac3a6f3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/41f65bee70b5e03e46ae996303a13060d366d405ecb235ff5493d4f1ac3a6f3d?s=96&d=mm&r=g\",\"caption\":\"Ian McCloy, Director Product Management, Couchbase\"},\"description\":\"Ian McCloy is the Director of the Platform and Security Product Management Group for Couchbase and lives in the United Kingdom. His dedicated team is responsible for the Reliability, Availability, Serviceability and Security architecture of Couchbase Server and the SaaS Database, Capella. This team also own cloud-native platforms like the Couchbase Kubernetes Autonomous Operator. Ian has a vast range of experience as a Software Engineer, Technical Support Engineer, Quality Assurance Engineer and Systems Administrator. Ian has led global technical teams for the majority of his 20 year professional career and holds several patents in the areas of information security, virtualisation and hardware design. https:\/\/www.linkedin.com\/in\/ianmccloy\/\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/ianmccloy\/\"],\"url\":\"https:\/\/www.couchbase.com\/blog\/pt\/author\/ian-mccloycouchbase-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Apresentando a seguran\u00e7a de controle de acesso com base em fun\u00e7\u00e3o (RBAC) para cole\u00e7\u00f5es no Couchbase 7.0","description":"Saiba como o controle de acesso baseado em fun\u00e7\u00e3o, ou RBAC Security no banco de dados, foi expandido para Escopos e Cole\u00e7\u00f5es na vers\u00e3o 7.0 do Couchbase Server.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.couchbase.com\/blog\/pt\/introducing-rbac-security-for-collections\/","og_locale":"pt_BR","og_type":"article","og_title":"Introducing Role-Based Access Control (RBAC) Security for Collections in Couchbase 7.0","og_description":"Learn how role-based access control, or RBAC Security in the database, has been expanded for Scopes and Collections in the Couchbase Server 7.0 release.","og_url":"https:\/\/www.couchbase.com\/blog\/pt\/introducing-rbac-security-for-collections\/","og_site_name":"The Couchbase Blog","article_published_time":"2021-08-05T07:00:39+00:00","article_modified_time":"2025-06-14T02:27:03+00:00","og_image":[{"width":1200,"height":627,"url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/Introducing-RBAC-Security-for-Collections.png","type":"image\/png"}],"author":"Ian McCloy, Director Product Management","twitter_card":"summary_large_image","twitter_image":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/role-based-access-control-rbac-couchbase-scopes-collections-social.jpeg","twitter_misc":{"Written by":"Ian McCloy, Director Product Management","Est. reading time":"8 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/#article","isPartOf":{"@id":"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/"},"author":{"name":"Ian McCloy, Director Product Management, Couchbase","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/7e8c834bce5128ad6cd764cd1c4cea19"},"headline":"Introducing Role-Based Access Control (RBAC) Security for Collections in Couchbase 7.0","datePublished":"2021-08-05T07:00:39+00:00","dateModified":"2025-06-14T02:27:03+00:00","mainEntityOfPage":{"@id":"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/"},"wordCount":1433,"commentCount":3,"publisher":{"@id":"https:\/\/www.couchbase.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/#primaryimage"},"thumbnailUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/role-based-access-control-rbac-couchbase-scopes-collections.jpeg","keywords":["JSON","NoSQL Database","RBAC","RDBMS","relational database","Role Based Access Control (RBAC)"],"articleSection":["Couchbase Server","Scopes and Collections","Security","SQL++ \/ N1QL Query"],"inLanguage":"pt-BR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/","url":"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/","name":"Apresentando a seguran\u00e7a de controle de acesso com base em fun\u00e7\u00e3o (RBAC) para cole\u00e7\u00f5es no Couchbase 7.0","isPartOf":{"@id":"https:\/\/www.couchbase.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/#primaryimage"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/#primaryimage"},"thumbnailUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/role-based-access-control-rbac-couchbase-scopes-collections.jpeg","datePublished":"2021-08-05T07:00:39+00:00","dateModified":"2025-06-14T02:27:03+00:00","description":"Saiba como o controle de acesso baseado em fun\u00e7\u00e3o, ou RBAC Security no banco de dados, foi expandido para Escopos e Cole\u00e7\u00f5es na vers\u00e3o 7.0 do Couchbase Server.","breadcrumb":{"@id":"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/#breadcrumb"},"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/"]}]},{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/#primaryimage","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/role-based-access-control-rbac-couchbase-scopes-collections.jpeg","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/role-based-access-control-rbac-couchbase-scopes-collections.jpeg","width":1200,"height":628,"caption":"Learn how role-based access control has expanded for Scopes and Collections in Couchbase Server 7.0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.couchbase.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Introducing Role-Based Access Control (RBAC) Security for Collections in Couchbase 7.0"}]},{"@type":"WebSite","@id":"https:\/\/www.couchbase.com\/blog\/#website","url":"https:\/\/www.couchbase.com\/blog\/","name":"Blog do Couchbase","description":"Couchbase, o banco de dados NoSQL","publisher":{"@id":"https:\/\/www.couchbase.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.couchbase.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/www.couchbase.com\/blog\/#organization","name":"Blog do Couchbase","url":"https:\/\/www.couchbase.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png","width":218,"height":34,"caption":"The Couchbase Blog"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/7e8c834bce5128ad6cd764cd1c4cea19","name":"Ian McCloy, diretor de gerenciamento de produtos, Couchbase","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/image\/97dd714a3242521ce9dcea0d96550c5f","url":"https:\/\/secure.gravatar.com\/avatar\/41f65bee70b5e03e46ae996303a13060d366d405ecb235ff5493d4f1ac3a6f3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/41f65bee70b5e03e46ae996303a13060d366d405ecb235ff5493d4f1ac3a6f3d?s=96&d=mm&r=g","caption":"Ian McCloy, Director Product Management, Couchbase"},"description":"Ian McCloy \u00e9 diretor do grupo de gerenciamento de produtos de plataforma e seguran\u00e7a da Couchbase e mora no Reino Unido. Sua equipe dedicada \u00e9 respons\u00e1vel pela arquitetura de confiabilidade, disponibilidade, capacidade de servi\u00e7o e seguran\u00e7a do Couchbase Server e do banco de dados SaaS, Capella. Essa equipe tamb\u00e9m \u00e9 propriet\u00e1ria de plataformas nativas da nuvem, como o Operador Aut\u00f4nomo Kubernetes do Couchbase. Ian tem uma vasta experi\u00eancia como engenheiro de software, engenheiro de suporte t\u00e9cnico, engenheiro de garantia de qualidade e administrador de sistemas. Ian liderou equipes t\u00e9cnicas globais durante a maior parte de sua carreira profissional de 20 anos e possui v\u00e1rias patentes nas \u00e1reas de seguran\u00e7a da informa\u00e7\u00e3o, virtualiza\u00e7\u00e3o e design de hardware. https:\/\/www.linkedin.com\/in\/ianmccloy\/","sameAs":["https:\/\/www.linkedin.com\/in\/ianmccloy\/"],"url":"https:\/\/www.couchbase.com\/blog\/pt\/author\/ian-mccloycouchbase-com\/"}]}},"authors":[{"term_id":8928,"user_id":1864,"is_guest":0,"slug":"ian-mccloycouchbase-com","display_name":"Ian McCloy, Director Product Management","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/41f65bee70b5e03e46ae996303a13060d366d405ecb235ff5493d4f1ac3a6f3d?s=96&d=mm&r=g","author_category":"","last_name":"McCloy, Director Product Management","first_name":"Ian","job_title":"","user_url":"","description":"Ian McCloy \u00e9 diretor do grupo de gerenciamento de produtos de plataforma e seguran\u00e7a da Couchbase e mora no Reino Unido.  Sua equipe dedicada \u00e9 respons\u00e1vel pela arquitetura de confiabilidade, disponibilidade, capacidade de servi\u00e7o e seguran\u00e7a do Couchbase Server e do banco de dados SaaS, Capella.  Essa equipe tamb\u00e9m \u00e9 propriet\u00e1ria de plataformas nativas da nuvem, como o Operador Aut\u00f4nomo Kubernetes do Couchbase.  Ian tem uma vasta experi\u00eancia como engenheiro de software, engenheiro de suporte t\u00e9cnico, engenheiro de garantia de qualidade e administrador de sistemas. Ian liderou equipes t\u00e9cnicas globais durante a maior parte de sua carreira profissional de 20 anos e det\u00e9m v\u00e1rias patentes nas \u00e1reas de seguran\u00e7a da informa\u00e7\u00e3o, virtualiza\u00e7\u00e3o e design de hardware. https:\/\/www.linkedin.com\/in\/ianmccloy\/"}],"_links":{"self":[{"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/posts\/9670","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/users\/1864"}],"replies":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/comments?post=9670"}],"version-history":[{"count":0,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/posts\/9670\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/media\/11668"}],"wp:attachment":[{"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/media?parent=9670"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/categories?post=9670"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/tags?post=9670"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/ppma_author?post=9670"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}