couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Candler <B.Cand...@pobox.com>
Subject Re: Changing the default _auth validation function
Date Fri, 15 Jan 2010 10:04:21 GMT
On Wed, Jan 13, 2010 at 03:18:52PM -0800, Chris Anderson wrote:
> > I'd think that the document could be 'any old document', with the only
> > requirement being that it have a specific id (_auth? _security?).
> > There could be some conventions, but I don't really see why couch
> > should enforce any structure on that document. The db designer could
> > then write his own validation functions to ensure that only specific
> > users/roles could update that document (probably require _admin to
> > create it in the first place, though).
> 
> Yes I think it could be a regular document. And I think we discussed
> earlier that it should replicate normally.

If I understand rightly, this document will map usernames to [db-local]
roles.

However I'm not sure it will scale if your app has 10 million registered
users and their roles are all held in one security document.

How about a separate security document per user, with an ID like
_auth/username ?

That should also solve concurrency headaches and replicate more efficiently.

Regards,

Brian.

Mime
View raw message