Added delete notes to the query system catalog role #3971
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rao-shwe
requested changes
Nov 21, 2025
| The Query System Catalog role lets the user query the system catalog using {sqlpp}. | ||
| This access include querying `system:indexes`, `system:prepareds`, and tables listing current and past queries. | ||
| Assign this role to developers who need to query these tables when troubleshooting and debugging queries. | ||
| The Query System Catalog role lets the user query the system catalog using {sqlpp}. Importantly, this role also grants permissions to **delete** from certain in-memory system tables, which is useful for clearing caches and historical query logs without restarting a server. |
Contributor
There was a problem hiding this comment.
Use line breaks. Start each sentence on a new line. The same comment for the rest of the updates on this page.
Avoid using Bold font to emphasise the words in a paragraph.
Avoid using the word "Importantly".
| | | ||
| * Cannot perform any other query actions. | ||
| * Cannot use the Query Workbench in Couchbase Server Web Console. | ||
| * Cannot `INSERT` or `UPDATE` system catalog tables. For this functionality (available from 8.0+), see the `manage_system_catalog` role. |
Contributor
There was a problem hiding this comment.
Suggested change
| * Cannot `INSERT` or `UPDATE` system catalog tables. For this functionality (available from 8.0+), see the `manage_system_catalog` role. | |
| * Cannot `INSERT` or `UPDATE` system catalog tables. | |
| For this functionality (available in 8.0 and later versions), see the `manage_system_catalog` role. |
|
|
||
| | | ||
| * Cannot perform any other query actions. | ||
| * Cannot use the Query Workbench in Couchbase Server Web Console. |
Contributor
There was a problem hiding this comment.
This comment is for next line with the following content:
see the manage_system_catalog role.
Check if it is the query_manage_system_catalog role? If Yes, then add a link to the section in the same page https://docs.couchbase.com/server/current/learn/security/roles.html#query_manage_system_catalog.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
DOC-13138
Bit of a tricky one. I apologise but I didn't see a very elegant way to doc this while maintaining the accuracy the behaviour requires.
Essentially you get DELETE access on various system tables... but only ones that are in-memory as a quirk of in-memory not having specific write access in roles.
Added Istvan as a reviewer as I'm happy to be corrected, here.