Using Role-Based Access Control in N1QL

Couchbase 5.0 introduced role-based access control (RBAC) to provide more granular security compared to the previous bucket password system in Couchbase 4.5, where each bucket was secured individually with a password. With RBAC, access to data is managed through specific roles assigned to users, such as query_select, query_insert, query_update, and query_delete, each parameterized by the bucket they apply to. This new system allows for more precise control over user permissions, addressing the limitations of the previous method where users had either full or no access to a bucket. The update also includes the ability to grant and revoke roles, and introduces new system keyspaces for querying user roles, enhancing security by restricting access based on the sensitivity of data. Despite these changes, legacy access patterns, particularly for passwordless buckets, are preserved during the upgrade process to ensure compatibility with existing applications.