incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Anderson <jch...@apache.org>
Subject Re: Per document attributes authorization
Date Wed, 18 Nov 2009 17:57:01 GMT
On Wed, Nov 18, 2009 at 7:31 AM, Ning Tan <ningtan@gmail.com> wrote:
> On Wed, Nov 18, 2009 at 12:35 AM, sftf <sftf-misc@mail.ru> wrote:
>> Are there plans to implement authorization at document's attributes granularity,
>> or it should be implemented at the application level?
>>
>> In the current version I see only one version of access control at attribute granularity
-
>> create personal views for each application user with the emitting permitted fields
only.
>> But adding user in this scheme requires the creation of the new views and leads to
>> time-consuming indexing of potentially large volumes of data.
>
> Haven't put much thought into this, but from your problem description,
> I guess one way to alleviate the problem is to have views based on
> groups and assign users to a certain group.
>

you can use the user's name as a key in a single large view. so
instead of a key like [tag, date] you could have [user, tag, date] and
require user's to prefix their queries with their own name.

Of course this doesn't help with the the huge on disk index (depending
on your # of users)

For write access of course the validation function is what you are looking for.


-- 
Chris Anderson
http://jchrisa.net
http://couch.io

Mime
View raw message