DOC-13315 Doc for Read-Only Security Admin role and role changes cleanup #3857
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* Edited Read-Only Admin role to reflect changes to priviliges. * Changed several role names to match the names in reported by Couchbase (i.e. Query Manage Sequences -> Manage Sequences). * Cleanup of lingering references to Local and External User Admin roles. * In several cases, updated the roles requirements for REST API calls. These were mainly determined by using a script that calls he endpoints with every possible role.
|
|
||
| The `ip-address-or-domain-name` should specify a node within the cluster whose orchestrator-location is to be determined: information returned by the call is that which is _known to the specified node_. | ||
| The `username` and `password` must be those of a user with the Full Admin, Cluster Admin, Read Only Admin, Local User Security Admin, or External User Security role. | ||
| The `username` and `password` must a user with one of the roles listed in the newxt section. |
|
|
||
| You must have one of the following roles to call this endpoint: | ||
|
|
||
| * Full Admin |
There was a problem hiding this comment.
Is there a reason these aren't the same as above? e.g.
- xref:learn:security/roles.adoc#views-reader[Views Reader]
|
|
||
| You must have one of the following roles to call the GET methods: | ||
|
|
||
| * Full Admin |
There was a problem hiding this comment.
Same question about why these are short cuts vs
xref:learn:security/roles.adoc#security-admin[Security Admin]
stevewatanabe
approved these changes
Sep 16, 2025
stevewatanabe
approved these changes
Sep 16, 2025
stevewatanabe
approved these changes
Sep 16, 2025
stevewatanabe
approved these changes
Sep 16, 2025
stevewatanabe
approved these changes
Sep 16, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The main goal of this PR is to add documentation for the Read-Only Security Admin role (MB-67164). It also cleans up references to Local/External User Security Admin roles from past changes.
Preview URL:
https://preview.docs-test.couchbase.com/docs-server-DOC-13315_new_roles_and_cleanup
You will need the Docs Team credentials on Confluence.
Primary changes, with link to preview:
Fixes to roles references are mainly in the REST API docs. It's probably easiest to just view the diff for these. In most cases, the allowed roles were verified using a script that brute force calls the REST API endpoint with a user with a single role assigned to them. In particular, this dramatically increased the list of roles that can access the identify orchestrator REST API endpoint.