incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Zachary Zolton <zachary.zol...@gmail.com>
Subject Re: Restricting ability to create new user account
Date Mon, 12 Apr 2010 22:14:15 GMT
I like that approach better.

For some reason I was thinking that users could modify their own
_users doc, but I guess that would defeat role-based security... (^u^)

On Monday, April 12, 2010, J Chris Anderson <jchris@gmail.com> wrote:
>
> On Apr 12, 2010, at 12:04 PM, Zachary Zolton wrote:
>
>> Hi,
>>
>> I would like the to configure a CouchDB server to allow only admins to
>> create user accounts.
>>
>> Should I modify the validate_doc_update function in the _users
>> database's "_design/_auth" document?
>>
>
> Yes, you could do that. It should be fine. However, if you delete the users db, it will
be recreated with the default validation function. (I guess this is obvious, but worth stating.)
>
> As an alternative, you could require that users have a particular role, eg: "approved"
before they have access to the db(s) in question. Then anyone can create an account but only
admins can give them the "approved" role.
>
>>
>> Cheers,
>>
>> Zach
>
>

Mime
View raw message