couchdb-dev mailing list archives

From Brian Candler
Subject Re: Auth Roadmap
Date Thu, 11 Feb 2010 21:27:28 GMT
On Thu, Feb 11, 2010 at 08:32:49AM -0800, Chris Anderson wrote:
> To be clear, I'm not suggesting this at all.
> It'd be more like (pardon my earlier accidental _underscores):
> {
>     "readers":{
>       "names":["foo","bar"],
>       "roles":["baz", "_replicator", "doctor"]
>     },
>     "admins":{
>       "names":["jan","brian"],
>       "roles":["support", (_admin is an implied member)]
>     },
>     "other_security_stuff":{...}
> }

Oh I see. When you replicate, you give the credentials for the remote host,
but perhaps the local side should pick up a _replicator role.  (Or perhaps
not, if it runs with the credentials of the user who started the

I can imagine "readers" splitting in future though: an indirect reader
capability which can access _show/_list/_update but nothing else would be
able to enforce controls at the document and view row level, since those
points all have access to userCtx.
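
Added example, not part of the message above and not CouchDB's own code: a sketch of how the quoted security object could be evaluated against a userCtx, and how a show-style function (doc, req) could then apply a document-level check, which is the kind of control the "indirect reader" idea relies on. Assumptions: admins are also readers, a user in neither list gets no access, the security object is available to the function as a constant, and the document's "owner" field is hypothetical.

```javascript
// Constructed sample in the shape quoted above; names and roles are illustrative.
const security = {
  readers: { names: ["foo", "bar"], roles: ["baz", "_replicator", "doctor"] },
  admins: { names: ["jan", "brian"], roles: ["support"] }
};

// True if the user is listed by name or holds any listed (or implied) role.
function matches(section, userCtx, impliedRoles) {
  const names = (section && section.names) || [];
  const roles = ((section && section.roles) || []).concat(impliedRoles || []);
  if (userCtx.name !== null && names.indexOf(userCtx.name) !== -1) return true;
  return (userCtx.roles || []).some(r => roles.indexOf(r) !== -1);
}

// Assumption: admins are also readers; anyone in neither list gets "none".
function accessLevel(sec, userCtx) {
  // _admin is treated as an implied member of the admin roles, as in the quote.
  if (matches(sec.admins, userCtx, ["_admin"])) return "admin";
  if (matches(sec.readers, userCtx, [])) return "reader";
  return "none";
}

// Show-style handler: a document-level check driven by req.userCtx.
// Readers only see documents they own; "owner" is a hypothetical field.
function showRecord(doc, req) {
  const ctx = req.userCtx;
  const level = accessLevel(security, ctx);
  if (level === "none") return { code: 403, body: "forbidden" };
  if (level !== "admin" && doc.owner !== ctx.name) {
    return { code: 403, body: "not your document" };
  }
  return { code: 200, body: JSON.stringify({ _id: doc._id, owner: doc.owner }) };
}
```

The point of the sketch is that a user restricted to such functions never sees the raw document, so the per-document rule cannot be bypassed by fetching the document directly.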


