incubator-couchdb-user mailing list archives

From Bernhard Schauer <bernhard.scha...@openforce.com>
Subject Re: who to set up readers for databases
Date Thu, 20 May 2010 05:53:39 GMT
Thanks a lot for that hint, Martin.

I have put together some notes on things that were not obvious to me
when reading the mentioned article.
Probably someone is interested in them, so I append them.

(Note: the formatting is Trac wiki syntax)

MfG Bernhard

===============================

=== Create a user ===
Simply create a new document in the _users DB.
The password needs to be SHA encrypted. For 'salt' (which is used for
hashing the password) Futon takes a UUID retrieved from !CouchDb.
{{{
HTTP-PUT http://localhost:5984/_users/org.couchdb.user:username
POSTDATA:
  {
    "name":"username",
    "_id":"org.couchdb.user:username",
    "salt":"4b53fee98d31e591ed3e1822cc002c2b",
    "password_sha":"7302c24b46f519d6a2ed04ea62a8cf1ee6f43664",
    "type":"user",
    "roles":[]
  }
}}}

=== Session Object of the current user ===
{{{
http://localhost:5984/_session

{
  "db_name":"_users",
  "doc_count":1,
  "doc_del_count":0,
  "update_seq":1,
  "purge_seq":0,
  "compact_running":false,
  "disk_size":4185,
  "instance_start_time":"1274256847057607",
  "disk_format_version":5
}
}}}

=== Users of a !CouchDb instance ===
Administrators are not included in the _users relation.
{{{
http://localhost:5984/_users/_all_docs

{"total_rows":3,"offset":0,"rows":[
{"id":"_design/_auth","key":"_design/_auth","value":{"rev":"1-04d86233b3254bb5a53dcf7103f97fc2"}},
{"id":"org.couchdb.user:anna","key":"org.couchdb.user:anna","value":{"rev":"1-3f232b61f2ca70d7c2cc26b8dd255059"}},
{"id":"org.couchdb.user:lena","key":"org.couchdb.user:lena","value":{"rev":"1-658ebfe3224a9257504b0a95b86ce7f1"}}
]}

}}}



=== Which users are allowed to use a DB ===
This is defined in the DB's _security document. You can define those users
directly by their name, or by a role. There are two categories of users:
admins and readers.
As long as no readers are defined for a DB, everyone is allowed to use
it. As soon as a reader is specified in the _security document,
only those users that are mentioned in the _security document have
access to the DB.
Users that are 'readers' on a DB are allowed to do CRUD operations on
documents in that DB. They may not do CRUD operations on DBs.
Furthermore, readers are not allowed to alter the _security document,
thus they cannot add other readers or admins to the DB.
{{{
HTTP-POST http://localhost:5984/hello_world/_security
POSTDATA:
  {"admins":
    {
      "names":[],
      "roles":[]
    },
  "readers":
    {
      "names":["username"],
      "roles":[]
    }
  }
}}}

Martin Higham wrote:
> You'll find the information you are looking for on the wiki
>
> http://wiki.apache.org/couchdb/Security_Features_Overview
>
>
>
> On 19 May 2010 10:06, Bernhard Schauer <bernhard.schauer@openforce.com> wrote:
>
>   
>> Hello,
>>
>> I want to set up a DB so that only one 'reader' (I think that is the
>> correct term) can read and write documents to it.
>> So far I only found documentation regarding how to set up an admin
>> account. But that is not what I want, since my reader should not be able to
>> create or delete databases, or anything else admin-like.
>>
>> Unfortunately I could not find any documentation on that. If I have just
>> overlooked it, let me ask for forgiveness in advance.
>>
>> MfG Bernhard
>>
>>     
>
>   

