couchdb-dev mailing list archives

From Chris Anderson <jch...@apache.org>
Subject Re: Per-DB Auth Ideas and Proposal
Date Wed, 09 Sep 2009 01:17:02 GMT
On Tue, Sep 8, 2009 at 3:41 PM, Adam Kocoloski<kocolosk@apache.org> wrote:
> Finally, there's the issue of authz in views.  What privileges does the view
> indexer have?  If a user who is only allowed to read some of the documents
> in the DB is allowed to upload a _design document, it seems to me that the
> views generated from that _design document must exclude any forbidden
> documents.  I guess this can work if the _design doc stores the roles of the
> user who saved it.  It seems like a tricky, but solvable problem.
>
> Best, Adam
>
>

One way to handle view auth is to require views that need access
control to prepend to the key the name of the user or the roles that
are allowed to access each row. So if you had docs that may only be
read by the users in the doc.readers array, you'd also write your
views something like:

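function(doc) {
  // doc.readers is an array: for...in yields its indexes ("0", "1", ...),
  // so emit the reader name stored at each index, not the index itself.
  for (var i in doc.readers) {
    emit([doc.readers[i], doc.title], doc.body);
  }
}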

This will make view permissions much more straightforward to enforce
than putting the ACL somewhere in the value - especially when it comes
to controlling read permissions of reduce values. The security layer
can just ensure that the key-range is valid for the requesting user.

Chris

-- 
Chris Anderson
http://jchrisa.net
http://couch.io
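
The key-range check described in the message above, as an added example that is not part of the original message and is not CouchDB code. The names ownsKey and keyRangeAllowed and the shape of the parsed query object are hypothetical; it assumes view keys of the form [reader, ...] and user names that stay distinct under the view's string collation.

```javascript
// Added example (not CouchDB code): validate view query parameters against
// the requesting user before a view keyed as [reader, ...] is served.
// Array keys collate element by element, so every key lying between two
// keys that start with the same user also starts with that user. Checking
// the endpoints therefore confines the rows and any reduce over them.
function ownsKey(user, key) {
  return Array.isArray(key) && key.length > 0 && key[0] === user;
}

// query: already-parsed view parameters (key, keys, startkey, endkey).
function keyRangeAllowed(user, query) {
  if (typeof user !== "string" || user === "") return false;
  var selectors = [];
  ["key", "startkey", "endkey"].forEach(function (p) {
    if (p in query) selectors.push(query[p]);
  });
  if ("keys" in query) {
    if (!Array.isArray(query.keys) || query.keys.length === 0) return false;
    selectors = selectors.concat(query.keys);
  }
  // An open-ended range (missing startkey or endkey) reaches rows emitted
  // for other readers, so it is refused unless key/keys pins the rows.
  var bounded = "key" in query || "keys" in query ||
    ("startkey" in query && "endkey" in query);
  return bounded && selectors.every(function (k) {
    return ownsKey(user, k);
  });
}

// Constructed sample requests, all made as user "alice".
var samples = [
  { startkey: ["alice"], endkey: ["alice", {}] },       // alice's rows only
  { startkey: ["alice"], endkey: ["bob", {}] },         // crosses into bob
  { startkey: ["alice"] },                              // open-ended
  { keys: [["alice", "Notes"], ["bob", "Notes"]] },     // mixed keys
  {}                                                    // whole view
];
samples.forEach(function (q) {
  console.log(JSON.stringify(q), "->", keyRangeAllowed("alice", q));
});
```

The same check covers reduce queries, because a reduce restricted to an allowed range only aggregates rows emitted for that user.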
