Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id EA472200B6B for ; Thu, 25 Aug 2016 15:43:34 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id E8C1E160A94; Thu, 25 Aug 2016 13:43:34 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 3BD5A160A93 for ; Thu, 25 Aug 2016 15:43:34 +0200 (CEST) Received: (qmail 89876 invoked by uid 500); 25 Aug 2016 13:43:33 -0000 Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@couchdb.apache.org Delivered-To: mailing list user@couchdb.apache.org Received: (qmail 89851 invoked by uid 99); 25 Aug 2016 13:43:32 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 25 Aug 2016 13:43:32 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id 89424C03CB for ; Thu, 25 Aug 2016 13:43:32 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -1.426 X-Spam-Level: X-Spam-Status: No, score=-1.426 tagged_above=-999 required=6.31 tests=[RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-1.426] autolearn=disabled Received: from mx2-lw-us.apache.org ([10.40.0.8]) by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024) with ESMTP id NujDKXmP3RPA for ; Thu, 25 Aug 2016 13:43:26 +0000 (UTC) Received: from z-proxy-01.utt.fr (z-proxy-01.utt.fr [193.50.230.154]) by mx2-lw-us.apache.org (ASF Mail Server at mx2-lw-us.apache.org) with ESMTPS id 733775F30C for ; Thu, 25 Aug 2016 13:43:26 +0000 (UTC) Received: from localhost (localhost.localdomain [127.0.0.1]) by z-proxy-01.utt.fr (Postfix) with ESMTP id 12AA860592 for ; Thu, 25 Aug 2016 15:43:16 +0200 (CEST) Received: from z-proxy-01.utt.fr ([127.0.0.1]) by localhost (z-proxy-01.utt.fr [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id pNihgYYZORzX for ; Thu, 25 Aug 2016 15:43:15 +0200 (CEST) Received: from localhost (localhost.localdomain [127.0.0.1]) by z-proxy-01.utt.fr (Postfix) with ESMTP id D31D660595 for ; Thu, 25 Aug 2016 15:43:15 +0200 (CEST) X-Virus-Scanned: amavisd-new at z-proxy-01.utt.fr Received: from z-proxy-01.utt.fr ([127.0.0.1]) by localhost (z-proxy-01.utt.fr [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id g5dto4HqwimP for ; Thu, 25 Aug 2016 15:43:15 +0200 (CEST) Received: from [192.168.0.6] (feu30-2-82-246-236-191.fbx.proxad.net [82.246.236.191]) by z-proxy-01.utt.fr (Postfix) with ESMTPSA id A5E6060592 for ; Thu, 25 Aug 2016 15:43:15 +0200 (CEST) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\)) Subject: Re: Cloudant document-level permissions feature? From: =?utf-8?Q?Aur=C3=A9lien_B=C3=A9nel?= In-Reply-To: Date: Thu, 25 Aug 2016 15:43:14 +0200 Content-Transfer-Encoding: quoted-printable Message-Id: <99CB9C42-3F19-4A83-9F51-07A4C5B29D9D@utt.fr> References: To: user@couchdb.apache.org X-Mailer: Apple Mail (2.3124) archived-at: Thu, 25 Aug 2016 13:43:35 -0000 Hi William, > Ran into the old 'need document-level permissions' problem here. As replied by the devs, there is not a generic off-the-shelf = high-performance document level permission feature in CouchDB. However, there are numbers of workarounds depending on your needs: 1. If authorizations depend only on document UUID, just set a reverse = proxy in front of CouchDB; 2. If they depend on the document content (e.g. an updatable access = list) then a `show` depending on the `userCtx` object can be your friend = to control reads (if you hide the default API behind a reverse proxy) = and a `validate_doc_update` function, depending also on the `userCtx`, = let you control updates. Regards, Aur=C3=A9lien=