couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Rose <dopp...@gmail.com>
Subject Re: Basic security help
Date Wed, 03 Nov 2010 05:20:36 GMT
The _admins you create in futon are admins because they get written do
default.ini. They don't need to have the _admin value in doc.roles.

To create a normal user with a role of "reader", just PUT
{"name":"username","roles":["reader"]....} to
/_users/org.couchdb.user:username

doppler

On Tue, Nov 2, 2010 at 6:33 PM,  <roger.moffatt@gmail.com> wrote:
> Loving couch! Used it for real for the first time today for capturing
> logging information from an iPhone application. Love the way I can
> just use JSON to send data direct to the DB without a server side
> application layer ... BUT
>
> I need to get some basic security in place and can't figure out how to
> add regular users, rather than admin users to couch. I'm running 1.0.1
> by the way and have read all the documentation, which has left me
> rather confused.
>
> I can setup admin users in futon fine. However in the _users database,
> the roles are empty. I thought admin users had a role of _admin? Is
> this not the case??
>
> I see no interface for setting up regular users though. What I'd like
> to do is have basic http authentication so I can use that for access
> to a particular database. Not uber secure, but for now it will be
> better than exposing everything to everyone!
>
> So my questions are;
>
> 1) Why do admin users have no role attached?
> 2) How do I create a new user that doesn't have admin rights? I just
> want to allocate this user as a "reader" for the database concerned.
>
> I think I'm confused because the sands seem to have been shifting on
> this as it is all rather fluid so I can't get my head around what the
> plan is for which versions! Apologies for being a bit dense about it.
>
> Many thanks in advance!
>
> Roger
>

Mime
View raw message