incubator-couchdb-dev mailing list archives

From Adam Kocoloski <kocol...@apache.org>
Subject Re: Per-DB Auth Ideas and Proposal
Date Wed, 09 Sep 2009 01:31:00 GMT
On Sep 8, 2009, at 9:17 PM, Chris Anderson wrote:

> On Tue, Sep 8, 2009 at 3:41 PM, Adam Kocoloski<kocolosk@apache.org> wrote:
>> Finally, there's the issue of authz in views.  What privileges does the view
>> indexer have?  If a user who is only allowed to read some of the documents
>> in the DB is allowed to upload a _design document, it seems to me that the
>> views generated from that _design document must exclude any forbidden
>> documents.  I guess this can work if the _design doc stores the roles of the
>> user who saved it.  It seems like a tricky, but solvable problem.
>>
>> Best, Adam
>
> One way to handle view auth is to require that views that need access
> control prepend to the key the name of the user or the roles who
> are allowed to access each row. So if you had docs that may only be
> read by the users in the doc.readers array, you'd also write your
> views something like:
>
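> function(doc) {
>  // One row per permitted reader, with the reader's name leading the key.
>  // Index the array: for..in over an array yields indices, not names.
>  var readers = doc.readers || [];
>  for (var i = 0; i < readers.length; i++) {
>    emit([readers[i], doc.title], doc.body);
>  }
> }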
>
> This will make view permissions much more straightforward to enforce
> than putting the ACL somewhere in the value - especially when it comes
> to controlling read permissions of reduce values. The security layer
> can just ensure that the key-range is valid for the requesting user.

Hi Chris, that sounds like a good idea, but it doesn't quite address  
the case of users who are privileged enough to create views, but are  
still restricted from viewing some of the docs in the DB.  Perhaps  
that's a pathological case with which we shouldn't concern ourselves.   
Cheers,

Adam
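
The key-range check Chris describes ("the security layer can just ensure that the key-range is valid for the requesting user"), sketched as an added example that is not part of the original thread and is not CouchDB's code. `authorizeViewQuery`, the `userCtx` shape (`name`, `roles`) and the deny reasons are assumptions, and it presumes every view key is an array whose first element is a user name or role.

```javascript
'use strict';

// Parse a JSON-encoded query value; absent stays undefined, malformed becomes null.
function parseJson(raw) {
  if (raw === undefined) return undefined;
  try { return JSON.parse(raw); } catch (e) { return null; }
}

// Principal prefix of a view key: first element of an array key, if a non-empty string.
function prefixOf(key) {
  return Array.isArray(key) && typeof key[0] === 'string' && key[0] !== '' ? key[0] : null;
}

// Decide whether a view request stays inside rows keyed for this user.
// Assumes keys shaped [principal, ...rest], as emitted by the map function above.
function authorizeViewQuery(query, userCtx) {
  // Names and roles share one prefix namespace here, so they must not collide.
  const allowed = new Set([userCtx.name].concat(userCtx.roles || []).filter(Boolean));
  const deny = (reason) => ({ ok: false, reason });
  const key = parseJson(query.key);
  const keys = parseJson(query.keys);
  const start = parseJson(query.startkey);
  const end = parseJson(query.endkey);

  const exact = key !== undefined || keys !== undefined;
  const ranged = start !== undefined || end !== undefined;
  // No bounds at all means the whole index, including other users' rows and
  // a reduce over them.
  if (!exact && !ranged) return deny('unbounded query');
  if (keys !== undefined && !Array.isArray(keys)) return deny('keys must be an array');

  const bounds = (key !== undefined ? [key] : []).concat(keys || []);
  if (ranged) {
    // Both ends must sit under the same prefix; element-by-element array
    // collation then keeps every row in between under it (also when descending).
    if (start === undefined || end === undefined) return deny('open-ended range');
    if (prefixOf(start) !== prefixOf(end)) return deny('range spans principals');
    bounds.push(start, end);
  }
  for (const b of bounds) {
    const p = prefixOf(b);
    if (p === null || !allowed.has(p)) return deny('key prefix not permitted');
  }
  return { ok: true, reason: null };
}
```

The check constrains only what a reader may query. It does nothing for the case Adam raises in his reply, where the author of the map function is not entitled to every document the indexer feeds it.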

