Description
Altered statements:
1. GRANT
https://docs.couchbase.com/server/current/n1ql/n1ql-language-reference/grant.html
grant ::= 'GRANT' role ( ',' role )* ( 'ON' keyspace-ref ( ',' keyspace-ref )* )?
|
'TO' ('USER' | 'USERS')? user ( ',' user )*
|
or
grant ::= 'GRANT' role ( ',' role )* ( 'ON' keyspace-ref ( ',' keyspace-ref )* )?
|
'TO' ('GROUP'|'GROUPS') group ( ',' group )*
|
i.e. the USER or USERS keyword may optionally be specified before the list of users, or the keyword GROUP or GROUPS may be specified to indicate the grant applies to groups. (Singular and plural forms may be used interchangeably - they do not impact the length of list that follows.)
2. REVOKE
https://docs.couchbase.com/server/current/n1ql/n1ql-language-reference/revoke.html
revoke ::= 'REVOKE' role ( ',' role )* ( 'ON' keyspace-ref ( ',' keyspace-ref )* )?
|
'FROM' ('USER'|'USERS')? user ( ',' user )*
|
or
revoke ::= 'REVOKE' role ( ',' role )* ( 'ON' keyspace-ref ( ',' keyspace-ref )* )?
|
'FROM' ('GROUP'|'GROUPS') group ( ',' group )*
|
i.e. the USER or USERS keyword may optionally be specified before the list of users, or the keyword GROUP or GROUPS may be specified to indicate the revocation applies to groups. (Singular and plural forms may be used interchangeably - they do not impact the length of list that follows.)
New statements:
1. CREATE USER
'CREATE' 'USER' username 'PASSWORD' '"' password '"' ('WITH' '"' name '"')? ('GROUP' group | 'GROUPS' group (',' group)* | 'NO' 'GROUPS')?
|
username - The local user's identifier.
password - Quoted string containing the user's password (must be 6 or more characters).
name - Quoted string containing the user's name.
group - Group name.
Only a single group may be specified after the GROUP keyword; one or more (comma separated list) after GROUPS.
NO GROUPS is a no-op for CREATE USER.
Only one of GROUP, GROUPS or NO GROUPS may be specified.
All options may be specified only once.
e.g.
CREATE USER testuser PASSWORD "password" GROUPS g1,g2
|
2. ALTER USER
'ALTER' 'USER' username ('PASSWORD' '"' password '"')? ('WITH' '"' name '"')? ('GROUP' group | 'GROUPS' group (',' group)* | 'NO' 'GROUPS')?
|
username - The local user's identifier.
password - Quoted string containing the user's password (must be 6 or more characters).
name - Quoted string containing the user's name.
group - Group name.
Only a single group may be specified after the GROUP keyword; one or more (comma separated list) after GROUPS.
NO GROUPS clears the user's groups list.
Only one of GROUP, GROUPS or NO GROUPS may be specified.
All options may be specified only once.
e.g.
ALTER USER testuser WITH "Example user" NO GROUPS
|
3. DROP USER
'DROP' 'USER' username
|
username - The local user's identifier.
4. CREATE GROUP
'CREATE' 'GROUP' name ('WITH' '"' description '"')? ('ROLE' role | 'ROLES' role (',' role)* | NO ROLES)
|
name - The group's identifier.
description - Quoted string containing the group's name.
role - RBAC role
role
- or -
role ON target
target - Target keyspace.
At least one of ROLE, ROLES or NO ROLES must be specified.
e.g.
CREATE GROUP group1 WITH "Example group" ROLES select ON `travel-sample`.inventory.airline, select ON `travel-sample`.inventory.landmark
|
5. ALTER GROUP
'ALTER' 'GROUP' name ('WITH' '"' description '"')? ('ROLE' role | 'ROLES' role (',' role)* | NO ROLES)?
|
name - The group's identifier.
description - Quoted string containing the group's name.
role - RBAC role
role
- or -
role ON target
target - Target keyspace.
Setting a groups roles through the ALTER GROUP statement sets them to the absolute list specified. To manipulate individual roles, use the GRANT & REVOKE statements.
e.g.
ALTER GROUP group1 NO ROLES WITH "Currently unused group"
|
6. DROP GROUP
'DROP' 'GROUP' groupname
|
groupname - The group's identifier.
7. CREATE BUCKET/DATABASE
'CREATE ('BUCKET' | 'DATABASE') name ('WITH' '{' with-fields '}')?
|
name - The bucket name.
with-fields - The name-value pairs (JSON object) configuring the database. Field names & values are per the options listed here:
https://docs.couchbase.com/server/current/rest-api/rest-bucket-create.html
If not specified, a default ramQuota of 100 is used unless "storageBackend":"magma" is specified when the default is 1024.
e.g.
CREATE BUCKET default;
|
8. ALTER BUCKET/DATABASE
'ALTER ('BUCKET' | 'DATABASE') name ('WITH' '{' with-fields '}')?
|
name - The bucket name.
with-fields - The name-value pairs (JSON object) configuring the database. Field names & values are per the options listed here:
https://docs.couchbase.com/server/current/rest-api/rest-bucket-create.html
As per https://docs.couchbase.com/server/current/rest-api/rest-bucket-create.html, the fields "bucketType", "storageBackend", "replicaIndex", and "conflictResolutionType" cannot be altered.
e.g.
ALTER BUCKET default WITH {"ramQuota":500,"maxTTL":24*60*60,"durabilityMinLevel":"majority"}
|
9. DROP BUCKET/DATABASE
'DROP' ('BUCKET' | 'DATABASE') name
|
name - The bucket name.
Attachments
Issue Links
- is triggered by
-
MB-59400 Add user, group and bucket management statements.
- Resolved