On Mon, Sep 14, 2009 at 10:09 PM, Jason Davies <jason@jasondavies.com> wrote:
> Hi all,
>
> Thanks for all the excellent responses!
>
> With Chris Anderson's "simplest thing that could possibly work" idea in
> mind, here's a quick summary of what I plan to implement as a first cut.
> I've taken ideas from multiple responses on this thread, so I wasn't sure
> which message to reply to, but this plan is mostly inspired by Adam's ACL
> ideas so I've included that message below this one for reference.
>
> The simplest idea is that we have a special doc in each database,
> "_local/_acl" or similar, containing a list of [role(s), "read" or "write"]
> pairs. By default everything is denied to everyone (except _admin). The
> most common use case would be to then have ["username", "read"] and
> ["username", "write"] to give a user read and write permissions to that
> particular database. (In this example, I've assumed that in the _users
> database we map the "username" user to the "username" role for simplicity).
> If we want to give particular access (e.g. read-only) to *everyone*, we can
> use the special "*" string to denote a wildcard, which matches any role,
> including no role at all e.g. ["*", "read"].
Will this doc be replicated ?
>
> I envisage this default "deny all" behaviour being a switch in the .ini
> file, so people will only turn it on once they have users and/or ACLs set
> up.
I don't like the default, io, by default everything should be open and
then you close the door or not .
> Thanks,
> --
thanks to you :)
- benoit
|