/*******************************************************************************************************************
-- Title : [Cb5.0] RBAC (Role-Based Access Control) for Applications
-- Reference : developer.couchbase.com/documentation/server/5.0/security/concepts-rba-for-apps.html
-- Key word : couchbase rbac role based access control security
*******************************************************************************************************************/
■ Bucket Full Access
This role exists to support buckets created in Couchbase Server versions before 5.0 and grants read and write access.

Role: Bucket Full Access (bucket_sasl)

Resources | Read | Write | Execute | Manage | Flush
---|---|---|---|---|---
Bucket [ * \| bucket-name ]: Data | ○ | ○ | ○ | ○ | ×
Bucket [ * \| bucket-name ]: Views | ○ | ○ | ○ | ○ | ×
N1QL: Index | ○ | ○ | ○ | ○ | ×
N1QL: Other | ○ | ○ | ○ | × | ×
Bucket [ * \| bucket-name ] | ○ | × | × | × | ○
Pools | ○ | × | × | × | ×
■ Data Reader
Can read data in the specified bucket.
Does not allow executing N1QL queries (SELECT) (so does that mean only calls through the SDK or API work??)

Role: Data Reader (data_reader)

Resources | Read | Write | Execute | Manage
---|---|---|---|---
Bucket [ * \| bucket-name ]: Docs | ○ | × | × | ×
Bucket [ * \| bucket-name ]: Meta | ○ | × | × | ×
Bucket [ * \| bucket-name ]: Xattr | ○ | × | × | ×
Pools | ○ | × | × | ×
■ Data Writer
Writes data to, and reads from, the specified bucket.

Role: Data Writer (data_reader_writer)

Resources | Read | Write | Execute | Manage
---|---|---|---|---
Bucket [ * \| bucket-name ]: Docs | ○ | ○ | × | ×
Bucket [ * \| bucket-name ]: Xattr | ○ | ○ | × | ×
Pools | ○ | × | × | ×
■ Query Select
Executes SELECT statements on the specified bucket.

Role: Query Select (query_select)

Resources | Read | Write | Execute | Manage
---|---|---|---|---
Bucket [ * \| bucket-name ]: N1QL, SELECT | × | × | ○ | ×
UI | ○ | × | × | ×
Pools | ○ | × | × | ×
■ Query Insert
Executes INSERT statements on the specified bucket.

Role: Query Insert (query_insert)

Resources | Read | Write | Execute | Manage
---|---|---|---|---
Bucket [ * \| bucket-name ]: N1QL, INSERT | × | × | ○ | ×
UI | ○ | × | × | ×
Pools | ○ | × | × | ×
■ Query Delete
Executes DELETE statements on the specified bucket.

Role: Query Delete (query_delete)

Resources | Read | Write | Execute | Manage
---|---|---|---|---
Bucket [ * \| bucket-name ]: N1QL, DELETE | × | × | ○ | ×
UI | ○ | × | × | ×
Pools | ○ | × | × | ×
■ Query Manage Index
Manages indexes on the specified bucket.

Role: Query Manage Index (query_manage_index)

Resources | Read | Write | Execute | Manage
---|---|---|---|---
Bucket [ * \| bucket-name ]: N1QL, INDEX | ○ | ○ | ○ | ○
UI | ○ | × | × | ×
Pools | ○ | × | × | ×
■ Query System Catalog
Queries the system catalog.

Role: Query System Catalog (query_system_catalog)

Resources | Read | Write | Execute | Manage | List
---|---|---|---|---|---
Bucket [ * \| bucket-name ]: N1QL, INDEX | × | × | × | × | ○
Bucket [ * \| bucket-name ]: N1QL, Meta | ○ | × | × | × | ×
UI | ○ | × | × | × | ×
Pools | ○ | × | × | × | ×
■ Query External Access
Allows externally authenticated users to execute the CURL function.

Role: Query External Access (query_external_access)

Resources | Read | Write | Execute | Manage
---|---|---|---|---
Bucket [ * \| bucket-name ]: N1QL, curl | × | × | ○ | ×
UI | ○ | × | × | ×
Pools | ○ | × | × | ×
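Added example (not from the Couchbase documentation or this note): given the operations an application actually performs, pick the narrowest roles from the tables above, render them in the `role[bucket]` form, and flag grants broader than the application roles. Role identifiers come from the tables; the operation labels, and the assumption that `role[bucket]` is the form couchbase-cli and the RBAC REST API accept, are this example's own.

```python
# Constructed example; role identifiers are those in the tables above, the
# operation labels are invented here, and the "role[bucket]" rendering is an
# assumption about the couchbase-cli / REST API syntax.

# Operation -> narrowest role that grants it.
OP_TO_ROLE = {
    "kv_read": "data_reader",            # Read on Docs/Meta/Xattr only
    "kv_write": "data_reader_writer",    # Read + Write on Docs/Xattr
    "n1ql_select": "query_select",       # Execute SELECT; data_reader alone is not enough
    "n1ql_insert": "query_insert",
    "n1ql_delete": "query_delete",
    "n1ql_manage_index": "query_manage_index",
    "system_catalog": "query_system_catalog",
    "n1ql_curl": "query_external_access",
}

# Privileges only Bucket Full Access carries and that an application rarely needs.
BUCKET_SASL_EXTRA = ("Flush on the bucket", "Manage on Data, Views and N1QL Index")


def minimal_roles(ops):
    """Return the sorted minimal role set covering the requested operations.

    data_reader_writer already includes Read on Docs, so data_reader is
    redundant when both KV read and write are needed. Unknown operations
    raise instead of silently widening the grant.
    """
    roles = set()
    for op in ops:
        if op not in OP_TO_ROLE:
            raise ValueError(f"unknown operation: {op}")
        roles.add(OP_TO_ROLE[op])
    if "data_reader_writer" in roles:
        roles.discard("data_reader")
    return sorted(roles)


def role_spec(roles, bucket):
    """Render roles as 'role[bucket],role[bucket]' (assumed CLI/REST syntax)."""
    return ",".join(f"{role}[{bucket}]" for role in roles)


def audit(roles):
    """Return findings for grants broader than the application roles above."""
    findings = []
    if "bucket_sasl" in roles:
        findings.append("bucket_sasl grants: " + "; ".join(BUCKET_SASL_EXTRA))
    if "query_external_access" in roles:
        findings.append("query_external_access lets N1QL CURL reach external endpoints")
    return findings
```

A typical KV-plus-SELECT application thus needs `data_reader_writer[app-bucket],query_select[app-bucket]` rather than `bucket_sasl`, which would add Flush.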