couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Anderson <>
Subject Re: Per document attributes authorization
Date Wed, 18 Nov 2009 17:57:01 GMT
On Wed, Nov 18, 2009 at 7:31 AM, Ning Tan <> wrote:
> On Wed, Nov 18, 2009 at 12:35 AM, sftf <> wrote:
>> Are there plans to implement authorization at document's attributes granularity,
>> or it should be implemented at the application level?
>> In the current version I see only one version of access control at attribute granularity
>> create personal views for each application user with the emitting permitted fields
>> But adding user in this scheme requires the creation of the new views and leads to
>> time-consuming indexing of potentially large volumes of data.
> Haven't put much thought into this, but from your problem description,
> I guess one way to alleviate the problem is to have views based on
> groups and assign users to a certain group.

you can use the user's name as a key in a single large view. so
instead of a key like [tag, date] you could have [user, tag, date] and
require user's to prefix their queries with their own name.

Of course this doesn't help with the the huge on disk index (depending
on your # of users)

For write access of course the validation function is what you are looking for.

Chris Anderson

View raw message