incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Patrick Barnes <mrtr...@gmail.com>
Subject Re: Creating databases on demand
Date Tue, 23 Nov 2010 06:20:50 GMT
Hi Jeff,

On 23/11/2010 5:10 PM, Jeff Gorder wrote:
> I have a case where there is a main public database that serves my application and then
will need to have a private database for each user. I've gotten this to work manually and
automatically when logged in as a server admin.
>
> I understand that there are server admins that have full control over the installation
and that they are managed by making entries into the .ini file and that there are database
admins as well. In the "Definitive Guide" it's made clear that only admin users are allowed
to create databases and design documents but it's not clear if those are server admins, database
admins, or both.
>
> How do I create the database/design doc for a new user? It's not practical to require
someone who is a server admin to log on to Futon to do it. If a user is a database admin in
the main application database, does that give them permission to create a new database?

Someone having database-level admin access only has it on that database, 
even if it's the main application database. Only a server admin can 
create a new database.

Some sort of privilege escalation is necessary, I guess. Maybe have a 
server-side script that can be triggered by main-application database 
admins, that has a stored set of server admin credentials and can create 
the database for them.

> The second question is how to access the database ACL. I have found that it's stored
at dbasename/_security but haven't found any documentation about an API to it. Is there one?

See here: http://wiki.apache.org/couchdb/Complete_HTTP_API_Reference

I'm guessing it's just GET or PUT in its entirety.
[ Hmm - how are race conditions resolved on _security? :-) ]


Hope that helps,
-Patrick

Mime
View raw message