Expecting parsed JSON, in a format like this: { "domain":"local", "id":"reviewowner", "name":"OwnerOfreview", "roles":[{"bucket_name":"customer","role":"query_select"}, {"bucket_name":"customer","role":"query_insert"}, {"bucket_name":"review","role":"bucket_full_access"}]} Change the roles to their alias forms, like this: { "domain":"local", "id":"reviewowner", "name":"OwnerOfreview", "roles":[{"bucket_name":"customer","role":"select"}, {"bucket_name":"customer","role":"insert"}, {"bucket_name":"review","role":"bucket_full_access"}]} If the data is in an unexpected format, we leave it as we found it.

FIXME this should be provided by cbauth in order to support on behalf of.

User is a full or read admin.

Ability to backup bucket level N1QL metadata.

Ability to backup cluster level N1QL metadata.

User has cluster_admin auth.

Ability to run ALTER INDEX statements.

Ability to manage buckets.

Ability to run BUILD INDEX statements.

Ability to run CREATE INDEX statements.

Ability to run DELETE statements.

Ability to run DROP INDEX statements.

Ability to run EXECUTE FUNCTION statements.

Ability to run EXECUTE FUNCTION statements.

Ability to run EXECUTE FUNCTION statements.

Ability to run EXECUTE FUNCTION statements.

Ability to access the web from a N1QL query.

Ability to run INSERT statements.

Ability to list indexes of a keyspace.

Ability to run CREATE / DROP FUNCTION statements.

Ability to run CREATE / DROP FUNCTION statements.

Ability to run CREATE / DROP FUNCTION statements.

Ability to run CREATE / DROP FUNCTION statements.

CREATE/ALTER/DROP sequences.

Ability to add, drop, flush scopes and collections.

Ability to run SELECT statements.

Ability to use a sequential scan.

Ability to read query stats.

Ability to run Transaction statements.

Ability to run UPDATE statements.

get/advance sequence values.

Ability to run FTS CREATE INDEX statements.

Ability to run FTS DROP INDEX statements.

Reading user information.

Updating user information.

Read from system scope.

Write to system scope.

Access keyspaces in system namespace, which may/may not be open.

Access keyspaces in system namespace, such as system:keyspaces.

Ability to run docs UPSERT.

Ability to read system xattrs.

Ability to write system xattrs.

A set of permissions required, typically to run a specific query.

Type AuthenticatedUsers is a list of users whose credentials checked out.