Date: Tue, 23 Aug 2016 18:18:12 -0400 (EDT)
From: Joan Touzet
To: user@couchdb.apache.org
Subject: Re: Cloudant document-level permissions feature?

I'll just say a few words here since it was in my talk this initially was discussed.

At the time, Cloudant was considering the possibility of document level security. We worked up a high level specification of how it could be done, and worked through at least the first order of technical problems we'd run into.

In the process (some might argue even before the process began) it became clear that performance would be *terrible* with this approach, especially when it comes to materialized views (where permissions info must be stored on every node in the B-tree). Tradeoffs to fix the performance would place unusually extensive requirements on an admin and could potentially explode disk utilization requirements. They were decided against.

Ultimately Cloudant never executed on the document-level security feature in any meaningful way, and to my knowledge the feature was retired.

Of course, there may be something in one of Cloudant's paid services that includes this feature, but based on the operational limitations we explored a few years ago, I think it's relatively unlikely you'd want to rely on it even if it did exist.

Your best bets remain:

* couch per user model
* traditional 3-tier app architecture with the middle tier enforcing document-level security
* look into PouchDB options

All the best,
Joan

----- Original Message -----
> From: "William Edney"
> To: user@couchdb.apache.org
> Sent: Tuesday, August 23, 2016 5:42:42 PM
> Subject: Re: Cloudant document-level permissions feature?
>
> Bill and Robert -
>
> Thanks both for your respective replies.
>
> Bill, this isn't currently a PouchDB app, although it could be turned into
> one.
>
> Robert, that's disappointing, but thanks for letting me know. I'd vote up
> such a feature pretty highly :-).
>
> Cheers,
>
> - Bill
>
> On Tue, Aug 23, 2016 at 2:24 PM, Robert Samuel Newson wrote:
>
> > Hi,
> >
> > Neither Cloudant nor CouchDB 2.0 will support document-level permissions
> > in the near future, sorry.
> >
> > B.
> >
> > > On 22 Aug 2016, at 00:37, William Edney wrote:
> > >
> > > Hi All -
> > >
> > > Ran into the old 'need document-level permissions' problem here.
> > >
> > > Towards the end of this video from Nov 2013, Joan Touzet mentions that
> > > Cloudant was working on a solution to this (the ability to only see
> > > portions of a document based on the user). However, I can't find any
> > > further reference about this feature 2.5 years later.
> > >
> > > Can anyone from Cloudant speak to whether this has been implemented, either
> > > in the Cloudant private offering or in CouchDB 2.0 (or, if not, if there
> > > are plans to implement it in the future?)
> > >
> > > Thanks!!
> > >
> > > Cheers,
> > >
> > > - Bill
> > >
> > > 10 Common Misconceptions about CouchDB
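
The second option in the reply's list above (a 3-tier architecture with the middle tier enforcing document-level security) can look like the sketch below. This is an added example, not code from the thread, CouchDB or Cloudant; the `acl` document field and the function names are assumptions made for illustration.

```javascript
// Added example: middle-tier enforcement of document-level security.
// The `acl` layout is hypothetical, not a CouchDB or Cloudant feature.

// True if the user ({name, roles}, shaped like CouchDB's userCtx) satisfies the rule.
// Names and roles are kept apart so a user named like a role gains nothing.
function matches(rule, user) {
  if (!rule || !user) return false;
  const names = Array.isArray(rule.names) ? rule.names : [];
  const roles = Array.isArray(rule.roles) ? rule.roles : [];
  return names.includes(user.name) || (user.roles || []).some(r => roles.includes(r));
}

// Returns a redacted copy of the document, or null if the user may not read it.
// Fails closed: a document without an acl is readable by nobody.
function authorizeDoc(doc, user) {
  if (!doc || !doc.acl || !matches(doc.acl.read, user)) return null;
  const restricted = doc.acl.fields || {};
  const out = {};
  for (const [field, value] of Object.entries(doc)) {
    if (field === 'acl') continue; // never return the ACL itself
    const limited = Object.prototype.hasOwnProperty.call(restricted, field);
    if (limited && !matches(restricted[field], user)) continue;
    out[field] = value;
  }
  return out;
}

// Filters rows of a view queried with include_docs=true. The row key and value
// were computed from the unredacted document, so only id and doc are returned.
// Rows without a doc (reduce output) cannot be checked and are rejected.
function filterViewRows(rows, user) {
  const visible = [];
  for (const row of rows) {
    if (!row.doc) throw new Error('row has no doc; cannot enforce per-document ACL');
    const doc = authorizeDoc(row.doc, user);
    if (doc) visible.push({ id: row.id, doc });
  }
  return visible;
}

// Constructed sample data, not taken from the thread.
const sampleRows = [
  { id: 'inv-1', key: 'alice', value: 120, doc: { _id: 'inv-1', total: 120, notes: 'internal',
      acl: { read: { names: ['alice'], roles: ['auditor'] }, fields: { notes: { roles: ['auditor'] } } } } },
  { id: 'inv-2', key: 'bob', value: 80, doc: { _id: 'inv-2', total: 80, acl: { read: { names: ['bob'] } } } },
  { id: 'inv-3', key: 'none', value: 5, doc: { _id: 'inv-3', total: 5 } }, // no acl
];
const alice = { name: 'alice', roles: ['staff'] };
const carol = { name: 'carol', roles: ['auditor'] };
```

Reduced view output carries no per-document identity, so the filter refuses it rather than passing an aggregate that includes documents the caller cannot read.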