couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jens Alfke <j...@couchbase.com>
Subject Re: Reader ACLs
Date Tue, 26 Jun 2012 21:09:46 GMT

On Jun 26, 2012, at 1:27 PM, Wordit wrote:

> Is it possible to give read access to a list of users at the document level?

No. This is both because of the performance impact it would have to do an ACL check for every
document, and also because fundamental features like map/reduce views and the _changes feed
don't work very well with per-doc permissions. (For instance, every view query would have
to be filtered by the ACLs of each and every document that emitted rows into it, reduced values
wouldn't be the same for all viewers, etc.)

Two possible solutions:

(a) Put CouchDB behind a proxy and configure the proxy to allow access based on the user credentials
and request URL. Be very careful about blocking or restricting URLs like _all_docs, _changes,
views, etc. that could allow information to leak out.

(b) Create per-user databases, and set up filtered replications between them and the master
database. (i.e. replicate into a user's database only documents that should be visible to
that user.) Then set up permissions on the user databases. This (and more) is essentially
what Couchbase's Syncpoint project aims to do; but it's still pretty early in development.
(Contrary to what Alex says, Syncpoint works with hosted databases on IrisCouch or Cloudant;
it's just that you can't run the server-side code of Syncpoint from there. But it's just a
Node.js app that can be run from anywhere that has access to the databases.)

—Jens
Mime
View raw message