couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave Cottlehuber <>
Subject Re: Reader ACLs
Date Wed, 27 Jun 2012 06:42:35 GMT
On 27 June 2012 00:28, Wordit <> wrote:
> Thanks for the clarifications so far. Would this simple approach work?
> Bob has own db. He is admin and sets readers to "Anna, Fred". Bob creates
> document. Now only He, Anna and Fred can read the document, correct?
> Bob edits /_security doc, adding Sara to "readers", so she can read too. In
> other words, Each user owns a db with their docs, and can set the readers
> ACL.
> It is an app for writers to critique each other. Copyright plays a role,
> hence the stricter reading privileges. Would this work or am I missing
> something?
> Marcus

Yes, the security boundary is the database, not the document.

Some things to bear in mind:

- databases are generally cheap
- views cannot span multiple databases
- if you have a single query that needs multiple DBs, a workaround is
to replicate relevant docs into a central DB and write the view on


View raw message