couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Kocoloski <>
Subject Re: A CouchDB/Cloudant Scale & Authorization question
Date Thu, 09 Jan 2014 14:33:00 GMT
Hi Andy, you're right that a DB per user-feature is currently the way to go to achieve the
kind of access control granularity that you have in mind.  100k databases in a Cloudant account
is not all that uncommon.  Cheers,


On Jan 9, 2014, at 8:55 AM, Andy Dorman <> wrote:

> Hi, we are new to document databases and CouchDB, but we are very excited about the possibilities
of CouchDB, Cloudant, and PouchDB, especially for mobile applications.
> We are beginning a major update to a "mobile first" design of a web app that has used
an SQL db for over 13 years.  The app currently has thousands of users (and will hopefully
grow to tens of thousands once we have a mobile version running) with 10 "shareable" features
(Calendar, Recipes, etc.) for each user.  Each user needs to be able to grant "read" or "edit"
access to each feature to some number (usually anywhere from 2 to 50) of other users.
> This access model needs read/write authorization to be per user per feature. ie, Joe
(a user) can grant edit access for his Recipes (a feature) to his Mom (another user) and read
access for his Calendar (another feature) to his wife (another user).
> We really want to use Pouchdb in the client and Couchdb/Cloudant on the server-side as
that solves a LOT of issues regarding replication and network access for mobile clients.
> However, it looks to us like the only way to implement this access model using CouchDB's
built-in auth features is to define a database for each user-feature combination.  So Joe
could grant edit access to his "Recipe database" to his Mom and read access to his Calendar
database to Fred and edit access to his wife.
> Our first question is: Is it scalable for an app with several thousand(s) users and 10
features to use a separate database for each user-feature? With 10,000 users and 10 features,
that would come to 100,000 "databases" for our app.
> The second question would be is there another way (other than us writing a server-side
middle layer REST-ful app to handle authorization) to handle authorization at a per user per
feature level?  Our original design using CouchDB had a single database per user and a doc-type
or document per feature.  But we have been unable to figure out a way to have CouchDB control
authorization for each document or doc_type.
> Thank you for any insight or references to documentation that might explain a way to
implement CouchDB authorization at the doc_type or document level.
> -- 
> Andy Dorman

View raw message