couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ryan Ramage <ryan.ram...@gmail.com>
Subject Re: newbie question - how to manage groups of users <-> databases in couchdb
Date Wed, 13 Jun 2012 21:30:28 GMT
Your model of one db per 'board' is correct. To limit users, you can
use the /db/_security object.

see here:
http://wiki.apache.org/couchdb/Security_Features_Overview#Authorization

Basically, looks like this:

{
  "admins" : {
     "names" : ["joe", "phil"],
     "roles" : ["boss"]
   },
   "members" : {
     "names" : ["dave", "bill"],
     "roles" : []
   }
}

Basically, put all the usernames of those you want access to the board
in the members names.

Just to be clear...this is for each db inside you can do this, which
seems to support what you are trying to do.


On Wed, Jun 13, 2012 at 1:52 PM, Herman Chan <hermanccw@gmail.com> wrote:
> Hi all,
>
> I am new to couchdb so bear with me if this is really easy.
>
> I am trying to prototype a system where there is group of user who can
> share everything within a database to each other. For example, think of a
> message board system that once a user is allow into a particular board,
> they can view/update/delete anything in that message board. Also, a user
> can join multiple boards.
>
> From what I read so far, the way I am thinking to achieve this is to have
> multiple database within the couchdb server. Each database represents a
> board and since board doesn't need to talk to each other, this give a nice
> separation between boards.
>
> My question is about user authorization. I know that I can create user in
> couchdb and assign them ACL within one "database", but is there a way in
> couchdb that it controls user access in a "database" level? ie. which
> database can a user read/write/update?
>
> the only way I see now is to have another table in a "application" database
> can control user access, basically a mapping from user to database.

Mime
View raw message