{"id":12684,"date":"2022-01-13T12:19:07","date_gmt":"2022-01-13T20:19:07","guid":{"rendered":"https:\/\/www.couchbase.com\/blog\/?p=12684"},"modified":"2025-06-13T22:39:14","modified_gmt":"2025-06-14T05:39:14","slug":"new-rbac-roles-in-couchbase-7-0","status":"publish","type":"post","link":"https:\/\/www.couchbase.com\/blog\/new-rbac-roles-in-couchbase-7-0\/","title":{"rendered":"New RBAC Roles in Couchbase 7.0"},"content":{"rendered":"<p><span style=\"font-weight: 400\">Couchbase Server version 7.0 introduces some important changes as part of the role-based access control (RBAC) authorization system.\u00a0 Couchbase Server has allowed fine-grained access controls to the platform with RBAC <\/span><a href=\"https:\/\/www.couchbase.com\/blog\/administrative-role-based-access-control-in-4-5\/\"><span style=\"font-weight: 400\">for administrators since version 4.5<\/span><\/a><span style=\"font-weight: 400\"> and <\/span><a href=\"https:\/\/www.couchbase.com\/blog\/secure-nosql-data-couchbase-role-based-access-control\/\"><span style=\"font-weight: 400\">all users since version 5.0<\/span><\/a><span style=\"font-weight: 400\">. In the <\/span><a href=\"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/\"><span style=\"font-weight: 400\">previous blog post<\/span><\/a><span style=\"font-weight: 400\">, I described how DBAs can control some roles to restrict access to a scope or collection level. In this post, I would like to show you some of the role changes and additional roles that have been created.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Here is a summary of the changes:<\/span><\/p>\n<ul>\n<li style=\"list-style-type: none\">\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Security Admin has been replaced with Local or External User Security Admin<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Two new Full Admin roles: Eventing Full Admin and Backup Full Admin<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Eight new Functions roles for SQL++ Query User-Defined Functions<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Two additional operational roles: Manage Scopes and External Stats Reader<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h4><span style=\"font-weight: 400\">Security Admin<\/span><\/h4>\n<p><span style=\"font-weight: 400\">We received some customer feedback that RBAC didn\u2019t define the existing Security Admin role narrowly enough. We decided we could improve security to allow administrators to choose if a Security Admin could manage Local Users, External Users or both. With Couchbase Server 7.0, we split the role of Security Admin into two distinct roles: Local User Security Admin and External User Security Admin.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400\">Upon upgrading a cluster from a previous version where a user has the Security Admin role, their role definition will change to inherit both new roles instead of the legacy Security Admin role.<\/span><\/p>\n<p><span style=\"font-weight: 400\">The new <\/span><b>Local User Security Admin<\/b><span style=\"font-weight: 400\"> role allows an administrator to add\/remove\/modify users defined and stored <\/span><i><span style=\"font-weight: 400\">locally <\/span><\/i><span style=\"font-weight: 400\">in the cluster.\u00a0 This role does not permit the administrator to change the external authentication settings.<\/span><span style=\"font-weight: 400\"><br \/>\n<\/span><span style=\"font-weight: 400\"><br \/>\n<\/span><span style=\"font-weight: 400\">The <\/span><b>External User Security Admin<\/b><span style=\"font-weight: 400\"> role allows an administrator to add\/remove\/modify users defined and managed <\/span><i><span style=\"font-weight: 400\">externally <\/span><\/i><span style=\"font-weight: 400\">to the cluster in a system such as LDAP or Active Directory. Additionally, this role <\/span><i><span style=\"font-weight: 400\">allows modification <\/span><\/i><span style=\"font-weight: 400\">of the external authentication settings.<\/span><\/p>\n<p><span style=\"font-weight: 400\">An administrator who possesses both Local User Security Admin and External User Security Admin can manage all non-admin users in the cluster.<\/span><\/p>\n<h4><span style=\"font-weight: 400\">New Full Admin Roles<\/span><\/h4>\n<p><span style=\"font-weight: 400\">We created two new roles in Couchbase Server 7.0 to facilitate cluster-wide operations for Eventing and Backups: Eventing Full Admin and Backup Full Admin.<\/span><\/p>\n<p><b>Eventing Full Admin<\/b><span style=\"font-weight: 400\"> is a powerful administrator role. It has most of the same capabilities as a Full Admin, but it does not allow the modification of security settings such as adding or removing users or modification of XDCR.\u00a0<\/span><\/p>\n<p><b>Backup Full Admin<\/b><span style=\"font-weight: 400\"> is also a powerful administrator role. It, too, has most of the same capabilities as a Full Admin, but it also does not allow modification of security settings.\u00a0 Administrators wishing to backup Eventing Data will need to have this role or the Full Admin role.<\/span><\/p>\n<h4><span style=\"font-weight: 400\">New SQL++ Query User-Defined Function Roles<\/span><\/h4>\n<p><span style=\"font-weight: 400\">Eight new roles were added to Couchbase Server 7.0 to manage or execute the new SQL++ <\/span><a href=\"https:\/\/www.couchbase.com\/blog\/n1ql-user-defined-functions\/\"><span style=\"font-weight: 400\">User-Defined Functions<\/span><\/a><span style=\"font-weight: 400\"> (N1QL UDFs) feature. These apply at both a Scope and Global level and at both an Inline and External level for the functions:<\/span><\/p>\n<ul>\n<li style=\"list-style-type: none\">\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Manage Global Functions<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Execute Global Functions<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Manage Scope Functions<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Execute Scope Functions<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Manage Global External Functions<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Execute Global External Functions<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Manage Scope External Functions<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Execute Scope External Functions<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><span style=\"font-weight: 400\">A Global function is created within a namespace at the same level as the buckets within the namespace; whereas a Scope function is created within a scope, at the same level as the collections within the scope. When creating a user-defined function, the current query context determines whether it is created as a Global function or a Scope function. You can also include the full path to the function when you specify the function name.<\/span><\/p>\n<p><span style=\"font-weight: 400\">An inline function uses the SQL++ language to define the function\u2019s capabilities whereas an External function uses an external language such as JavaScript.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400\">Here are some examples:\u00a0<\/span><\/p>\n<pre class=\"\">GRANT query_manage_global_functions TO user1;\r\nGRANT query_execute_external_functions ON default:test.scope1 TO user1;<\/pre>\n<p><span style=\"font-weight: 400\">By providing the granularity of managing or executing the SQL++ functions and allowing only specific scopes and execution languages, it allows administrators to provide only the minimum amount of privileges, in what is known as the <\/span><a href=\"https:\/\/en.wikipedia.org\/wiki\/Principle_of_least_privilege\"><span style=\"font-weight: 400\">principle of least privilege<\/span><\/a><span style=\"font-weight: 400\"> (PoLP).\u00a0<\/span><\/p>\n<h4><span style=\"font-weight: 400\">New Operational Roles<\/span><\/h4>\n<p><span style=\"font-weight: 400\">Last but not least, we&#8217;ve added two operational-type roles. The Manage Scopes role and the External Stats Reader role.<\/span><\/p>\n<p><span style=\"font-weight: 400\">The Manage Scopes role allows a Cluster or Bucket administrator to delegate the adding\/removing of Scopes and Collections at a Bucket Level or the adding\/removing of Collections at a Scope level, depending on the parameter given when assigning the role to a user.<\/span><\/p>\n<p><span style=\"font-weight: 400\">The External Stats Reader role allows access to the stats endpoints which provide data that is stored in the embedded Prometheus system stats storage.<\/span><\/p>\n<h4><span style=\"font-weight: 400\">Conclusion<\/span><\/h4>\n<p><span style=\"font-weight: 400\">In this article I\u2019ve shown you what new RBAC roles have been added to Couchbase Server 7.0 and what they are used for.<\/span><\/p>\n<p><span style=\"font-weight: 400\">If security is important to you, I recommend reading a few additional blog posts about our RBAC features that help keep your Couchbase data protected.\u00a0<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400\"><a href=\"https:\/\/www.couchbase.com\/blog\/authentication-authorization-rbac\/\"><span style=\"font-weight: 400\">Authentication and Authorization with RBAC<\/span><\/a><\/li>\n<li style=\"font-weight: 400\"><a href=\"https:\/\/www.couchbase.com\/blog\/authentication-authorization-rbac-part-2\/\"><span style=\"font-weight: 400\">Authentication and Authorization with RBAC (Part 2)<\/span><\/a><\/li>\n<li style=\"font-weight: 400\"><a href=\"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/\"><span style=\"font-weight: 400\">Introducing Role-Based Access Control (RBAC) Security for Collections in Couchbase 7.0<\/span><\/a><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Try these latest features with our 30-day free cloud-hosted trial on <\/span><a href=\"https:\/\/www.couchbase.com\/products\/capella\/start-today\/\"><span style=\"font-weight: 400\">Couchbase Capella<\/span><\/a><span style=\"font-weight: 400\">\u00a0<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Read more about the <\/span><a href=\"https:\/\/docs.couchbase.com\/server\/current\/introduction\/whats-new.html\"><span style=\"font-weight: 400\">Couchbase 7 release and its new features<\/span><\/a><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Learn more about <\/span><a href=\"https:\/\/docs.couchbase.com\/server\/current\/learn\/data\/scopes-and-collections.html\"><span style=\"font-weight: 400\">Scopes and Collections<\/span><\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Couchbase Server version 7.0 introduces some important changes as part of the role-based access control (RBAC) authorization system.\u00a0 Couchbase Server has allowed fine-grained access controls to the platform with RBAC for administrators since version 4.5 and all users since version [&hellip;]<\/p>\n","protected":false},"author":1864,"featured_media":12496,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[1816,2273,1813,1812],"tags":[8907,1903],"ppma_author":[8928],"class_list":["post-12684","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-couchbase-server","category-eventing","category-security","category-n1ql-query","tag-couchbase-server-7-0","tag-rbac"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v25.7.1 (Yoast SEO v25.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>New RBAC Roles in Couchbase 7.0 - The Couchbase Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.couchbase.com\/blog\/new-rbac-roles-in-couchbase-7-0\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"New RBAC Roles in Couchbase 7.0\" \/>\n<meta property=\"og:description\" content=\"Couchbase Server version 7.0 introduces some important changes as part of the role-based access control (RBAC) authorization system.\u00a0 Couchbase Server has allowed fine-grained access controls to the platform with RBAC for administrators since version 4.5 and all users since version [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.couchbase.com\/blog\/new-rbac-roles-in-couchbase-7-0\/\" \/>\n<meta property=\"og:site_name\" content=\"The Couchbase Blog\" \/>\n<meta property=\"article:published_time\" content=\"2022-01-13T20:19:07+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-14T05:39:14+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/11\/roan-lavery-avEzEqOiJt0-unsplash.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2217\" \/>\n\t<meta property=\"og:image:height\" content=\"1663\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Ian McCloy, Director Product Management\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ian McCloy, Director Product Management\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/new-rbac-roles-in-couchbase-7-0\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/new-rbac-roles-in-couchbase-7-0\/\"},\"author\":{\"name\":\"Ian McCloy, Director Product Management, Couchbase\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/7e8c834bce5128ad6cd764cd1c4cea19\"},\"headline\":\"New RBAC Roles in Couchbase 7.0\",\"datePublished\":\"2022-01-13T20:19:07+00:00\",\"dateModified\":\"2025-06-14T05:39:14+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/new-rbac-roles-in-couchbase-7-0\/\"},\"wordCount\":855,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/new-rbac-roles-in-couchbase-7-0\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/11\/roan-lavery-avEzEqOiJt0-unsplash.jpg\",\"keywords\":[\"Couchbase Server 7.0\",\"RBAC\"],\"articleSection\":[\"Couchbase Server\",\"Eventing\",\"Security\",\"SQL++ \/ N1QL Query\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.couchbase.com\/blog\/new-rbac-roles-in-couchbase-7-0\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/new-rbac-roles-in-couchbase-7-0\/\",\"url\":\"https:\/\/www.couchbase.com\/blog\/new-rbac-roles-in-couchbase-7-0\/\",\"name\":\"New RBAC Roles in Couchbase 7.0 - The Couchbase Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/new-rbac-roles-in-couchbase-7-0\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/new-rbac-roles-in-couchbase-7-0\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/11\/roan-lavery-avEzEqOiJt0-unsplash.jpg\",\"datePublished\":\"2022-01-13T20:19:07+00:00\",\"dateModified\":\"2025-06-14T05:39:14+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/new-rbac-roles-in-couchbase-7-0\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.couchbase.com\/blog\/new-rbac-roles-in-couchbase-7-0\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/new-rbac-roles-in-couchbase-7-0\/#primaryimage\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/11\/roan-lavery-avEzEqOiJt0-unsplash.jpg\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/11\/roan-lavery-avEzEqOiJt0-unsplash.jpg\",\"width\":2217,\"height\":1663},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/new-rbac-roles-in-couchbase-7-0\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.couchbase.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"New RBAC Roles in Couchbase 7.0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#website\",\"url\":\"https:\/\/www.couchbase.com\/blog\/\",\"name\":\"The Couchbase Blog\",\"description\":\"Couchbase, the NoSQL Database\",\"publisher\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.couchbase.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\",\"name\":\"The Couchbase Blog\",\"url\":\"https:\/\/www.couchbase.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png\",\"width\":218,\"height\":34,\"caption\":\"The Couchbase Blog\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/7e8c834bce5128ad6cd764cd1c4cea19\",\"name\":\"Ian McCloy, Director Product Management, Couchbase\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/image\/97dd714a3242521ce9dcea0d96550c5f\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/41f65bee70b5e03e46ae996303a13060d366d405ecb235ff5493d4f1ac3a6f3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/41f65bee70b5e03e46ae996303a13060d366d405ecb235ff5493d4f1ac3a6f3d?s=96&d=mm&r=g\",\"caption\":\"Ian McCloy, Director Product Management, Couchbase\"},\"description\":\"Ian McCloy is the Director of the Platform and Security Product Management Group for Couchbase and lives in the United Kingdom. His dedicated team is responsible for the Reliability, Availability, Serviceability and Security architecture of Couchbase Server and the SaaS Database, Capella. This team also own cloud-native platforms like the Couchbase Kubernetes Autonomous Operator. Ian has a vast range of experience as a Software Engineer, Technical Support Engineer, Quality Assurance Engineer and Systems Administrator. Ian has led global technical teams for the majority of his 20 year professional career and holds several patents in the areas of information security, virtualisation and hardware design. https:\/\/www.linkedin.com\/in\/ianmccloy\/\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/ianmccloy\/\"],\"url\":\"https:\/\/www.couchbase.com\/blog\/author\/ian-mccloycouchbase-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"New RBAC Roles in Couchbase 7.0 - The Couchbase Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.couchbase.com\/blog\/new-rbac-roles-in-couchbase-7-0\/","og_locale":"en_US","og_type":"article","og_title":"New RBAC Roles in Couchbase 7.0","og_description":"Couchbase Server version 7.0 introduces some important changes as part of the role-based access control (RBAC) authorization system.\u00a0 Couchbase Server has allowed fine-grained access controls to the platform with RBAC for administrators since version 4.5 and all users since version [&hellip;]","og_url":"https:\/\/www.couchbase.com\/blog\/new-rbac-roles-in-couchbase-7-0\/","og_site_name":"The Couchbase Blog","article_published_time":"2022-01-13T20:19:07+00:00","article_modified_time":"2025-06-14T05:39:14+00:00","og_image":[{"width":2217,"height":1663,"url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/11\/roan-lavery-avEzEqOiJt0-unsplash.jpg","type":"image\/jpeg"}],"author":"Ian McCloy, Director Product Management","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Ian McCloy, Director Product Management","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.couchbase.com\/blog\/new-rbac-roles-in-couchbase-7-0\/#article","isPartOf":{"@id":"https:\/\/www.couchbase.com\/blog\/new-rbac-roles-in-couchbase-7-0\/"},"author":{"name":"Ian McCloy, Director Product Management, Couchbase","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/7e8c834bce5128ad6cd764cd1c4cea19"},"headline":"New RBAC Roles in Couchbase 7.0","datePublished":"2022-01-13T20:19:07+00:00","dateModified":"2025-06-14T05:39:14+00:00","mainEntityOfPage":{"@id":"https:\/\/www.couchbase.com\/blog\/new-rbac-roles-in-couchbase-7-0\/"},"wordCount":855,"commentCount":0,"publisher":{"@id":"https:\/\/www.couchbase.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/new-rbac-roles-in-couchbase-7-0\/#primaryimage"},"thumbnailUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/11\/roan-lavery-avEzEqOiJt0-unsplash.jpg","keywords":["Couchbase Server 7.0","RBAC"],"articleSection":["Couchbase Server","Eventing","Security","SQL++ \/ N1QL Query"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.couchbase.com\/blog\/new-rbac-roles-in-couchbase-7-0\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.couchbase.com\/blog\/new-rbac-roles-in-couchbase-7-0\/","url":"https:\/\/www.couchbase.com\/blog\/new-rbac-roles-in-couchbase-7-0\/","name":"New RBAC Roles in Couchbase 7.0 - The Couchbase Blog","isPartOf":{"@id":"https:\/\/www.couchbase.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.couchbase.com\/blog\/new-rbac-roles-in-couchbase-7-0\/#primaryimage"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/new-rbac-roles-in-couchbase-7-0\/#primaryimage"},"thumbnailUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/11\/roan-lavery-avEzEqOiJt0-unsplash.jpg","datePublished":"2022-01-13T20:19:07+00:00","dateModified":"2025-06-14T05:39:14+00:00","breadcrumb":{"@id":"https:\/\/www.couchbase.com\/blog\/new-rbac-roles-in-couchbase-7-0\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.couchbase.com\/blog\/new-rbac-roles-in-couchbase-7-0\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.couchbase.com\/blog\/new-rbac-roles-in-couchbase-7-0\/#primaryimage","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/11\/roan-lavery-avEzEqOiJt0-unsplash.jpg","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/11\/roan-lavery-avEzEqOiJt0-unsplash.jpg","width":2217,"height":1663},{"@type":"BreadcrumbList","@id":"https:\/\/www.couchbase.com\/blog\/new-rbac-roles-in-couchbase-7-0\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.couchbase.com\/blog\/"},{"@type":"ListItem","position":2,"name":"New RBAC Roles in Couchbase 7.0"}]},{"@type":"WebSite","@id":"https:\/\/www.couchbase.com\/blog\/#website","url":"https:\/\/www.couchbase.com\/blog\/","name":"The Couchbase Blog","description":"Couchbase, the NoSQL Database","publisher":{"@id":"https:\/\/www.couchbase.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.couchbase.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.couchbase.com\/blog\/#organization","name":"The Couchbase Blog","url":"https:\/\/www.couchbase.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png","width":218,"height":34,"caption":"The Couchbase Blog"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/7e8c834bce5128ad6cd764cd1c4cea19","name":"Ian McCloy, Director Product Management, Couchbase","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/image\/97dd714a3242521ce9dcea0d96550c5f","url":"https:\/\/secure.gravatar.com\/avatar\/41f65bee70b5e03e46ae996303a13060d366d405ecb235ff5493d4f1ac3a6f3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/41f65bee70b5e03e46ae996303a13060d366d405ecb235ff5493d4f1ac3a6f3d?s=96&d=mm&r=g","caption":"Ian McCloy, Director Product Management, Couchbase"},"description":"Ian McCloy is the Director of the Platform and Security Product Management Group for Couchbase and lives in the United Kingdom. His dedicated team is responsible for the Reliability, Availability, Serviceability and Security architecture of Couchbase Server and the SaaS Database, Capella. This team also own cloud-native platforms like the Couchbase Kubernetes Autonomous Operator. Ian has a vast range of experience as a Software Engineer, Technical Support Engineer, Quality Assurance Engineer and Systems Administrator. Ian has led global technical teams for the majority of his 20 year professional career and holds several patents in the areas of information security, virtualisation and hardware design. https:\/\/www.linkedin.com\/in\/ianmccloy\/","sameAs":["https:\/\/www.linkedin.com\/in\/ianmccloy\/"],"url":"https:\/\/www.couchbase.com\/blog\/author\/ian-mccloycouchbase-com\/"}]}},"authors":[{"term_id":8928,"user_id":1864,"is_guest":0,"slug":"ian-mccloycouchbase-com","display_name":"Ian McCloy, Director Product Management","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/41f65bee70b5e03e46ae996303a13060d366d405ecb235ff5493d4f1ac3a6f3d?s=96&d=mm&r=g","author_category":"","last_name":"McCloy, Director Product Management","first_name":"Ian","job_title":"","user_url":"","description":"Ian McCloy is the Director of the Platform and Security Product Management Group for Couchbase and lives in the United Kingdom.  His dedicated team is responsible for the Reliability, Availability, Serviceability and Security architecture of Couchbase Server and the SaaS Database, Capella.  This team also own cloud-native platforms like the Couchbase Kubernetes Autonomous Operator.  Ian has a vast range of experience as a Software Engineer, Technical Support Engineer, Quality Assurance Engineer and Systems Administrator. Ian has led global technical teams for the majority of his 20 year professional career and holds several patents in the areas of information security, virtualisation and hardware design. https:\/\/www.linkedin.com\/in\/ianmccloy\/"}],"_links":{"self":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/posts\/12684","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/users\/1864"}],"replies":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/comments?post=12684"}],"version-history":[{"count":0,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/posts\/12684\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/media\/12496"}],"wp:attachment":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/media?parent=12684"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/categories?post=12684"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/tags?post=12684"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/ppma_author?post=12684"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}