incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Goodlad <da...@goodlad.ca>
Subject Re: Initial couchdb accounts feedback
Date Sat, 09 Jan 2010 21:19:40 GMT
On Sun, Jan 10, 2010 at 6:22 AM, Matteo Caprari
<matteo.caprari@gmail.com> wrote:
> I agree that per-instance-sessions are nice and have cool
> implications, but it means that if I want to run
> applications that don't share users, I have to fire up two couchdb
> instances. This is not a bad thing, just probably not
> very convenient with the current init scripts.

I had a bit of a think about this overnight (since I'll be running in
this scenario). If there are dbs that shouldn't share users, perhaps
you could prefix the role with the appname. ie: { roles:
["myapp1:editor"] }. Then once there are reader ACLs, you could test
that the user included roles with the appropriate prefix.

Now that I've given some more thought to this problem, I've come to
the conclusion that if I implement my roles properly reader ACLs can
handle every case that I've been able to come up with.

Dave

Mime
View raw message