couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Higham <>
Subject Re: how do you authenticate a user to view their own database
Date Tue, 24 Aug 2010 08:45:10 GMT
On 23 August 2010 19:13, <> wrote:

> I'm confused about the _users authentication vs the authorization for an
> individual database under _security.
> I want a person to signup on my website so they can store their own data.
> So I create a database for them.
> joesdatabase
> Another user signs up and I create a database for them
> bobsdatabase
> now I want joe to save info in his database only
> and bob to save info in his database only.
> Do I have to put joe's info in the _user doc. If so why? Is that to
> authorize him to get into the system?

Yes, _user is the authentication database so Joe needs to exist as a user of
the system

> If so how do I know which databases he can read or access is that in the
> _security db.
> How do you add info to the _security
Yes, _security controls the the ACLs for the database. To set the ACL do a
PUT of the _security document to the database. The document should look
something like

    "admins": {
        "names": [ "admin", "joe"],
    "readers": {
        "names": ["joe"],
        "roles": []

This would give the users "admin" and "joe" admin rights to the database and
only user "joe" could read/write to it.

If you want to change the _security settings simply GET the current
document, and then PUT the updated version

Hope this helps


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message