couchdb-dev mailing list archives

From Brian Candler <B.Cand...@pobox.com>
Subject Re: Auth Roadmap
Date Thu, 11 Feb 2010 21:27:28 GMT
On Thu, Feb 11, 2010 at 08:32:49AM -0800, Chris Anderson wrote:
> To be clear, I'm not suggesting this at all.
> 
> It'd be more like (pardon my earlier accidental _underscores):
> 
> {
>     "readers":{
>       "names":["foo","bar"],
>       "roles":["baz", "_replicator", "doctor"]
>     },
>     "admins":{
>       "names":["jan","brian"],
>       "roles":["support", (_admin is an implied member)]
>     },
>     "other_security_stuff":{...}
> }

Oh I see. When you replicate, you give the credentials for the remote host,
but perhaps the local side should pick up a _replicator role.  (Or perhaps
not, if it runs with the credentials of the user who started the
replication)

I can imagine "readers" splitting in future though: an indirect reader
capability which can access _show/_list/_update but nothing else would be
able to enforce controls at the document and view row level, since those
points all have access to userCtx.

Regards,

Brian.
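
The security object sketched in the quoted message, evaluated against a userCtx, as an added example that is not part of the original thread and is not CouchDB's own code. The function names `isMember`, `isAdmin` and `isReader`, the sample users, and the rule that a database admin can also read are assumptions made for illustration.

```javascript
// Constructed sample: the security object proposed in the quoted message.
// The implied _admin member is handled in code, not stored in the roles list.
const security = {
  readers: { names: ["foo", "bar"], roles: ["baz", "_replicator", "doctor"] },
  admins: { names: ["jan", "brian"], roles: ["support"] }
};

// True when the user's name or any of the user's roles is listed in the section.
// A missing section or missing list matches nobody.
function isMember(section, userCtx) {
  const names = (section && section.names) || [];
  const roles = (section && section.roles) || [];
  if (typeof userCtx.name === "string" && names.includes(userCtx.name)) {
    return true;
  }
  return (userCtx.roles || []).some((role) => roles.includes(role));
}

// _admin is an implied member of admins, so it is checked before the lists.
function isAdmin(sec, userCtx) {
  if ((userCtx.roles || []).includes("_admin")) return true;
  return isMember(sec.admins, userCtx);
}

// Assumption (not stated in the thread): a database admin can also read.
function isReader(sec, userCtx) {
  return isAdmin(sec, userCtx) || isMember(sec.readers, userCtx);
}

// Constructed userCtx values covering each path through the checks.
const samples = [
  { name: "foo", roles: [] },                  // reader by name
  { name: "alice", roles: ["doctor"] },        // reader by role
  { name: null, roles: ["_replicator"] },      // replication context with the role
  { name: "carol", roles: ["support"] },       // admin by role
  { name: null, roles: ["_admin"] },           // implied admin
  { name: null, roles: [] }                    // anonymous, no access
];
for (const ctx of samples) {
  console.log(JSON.stringify(ctx), "reader:", isReader(security, ctx),
              "admin:", isAdmin(security, ctx));
}
```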
