incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Gorder <jeffgor...@gmail.com>
Subject Re: Creating databases on demand
Date Tue, 23 Nov 2010 08:12:48 GMT
Regarding the database creation question, that's what I was afraid of. I wonder why that design
decision was taken? It's commonly stated that couch can handle thousands of databases, no
problem, but without the ability to create them automatically as the application requires
seems like a real problem, doesn't it?

I like your idea of creating a server side component with the appropriate credentials as a
fallback. 

Thanks for the info.


On Nov 23, 2010, at 7:20 AM, Patrick Barnes wrote:

> Hi Jeff,
> 
> On 23/11/2010 5:10 PM, Jeff Gorder wrote:
>> I have a case where there is a main public database that serves my application and
then will need to have a private database for each user. I've gotten this to work manually
and automatically when logged in as a server admin.
>> 
>> I understand that there are server admins that have full control over the installation
and that they are managed by making entries into the .ini file and that there are database
admins as well. In the "Definitive Guide" it's made clear that only admin users are allowed
to create databases and design documents but it's not clear if those are server admins, database
admins, or both.
>> 
>> How do I create the database/design doc for a new user? It's not practical to require
someone who is a server admin to log on to Futon to do it. If a user is a database admin in
the main application database, does that give them permission to create a new database?
> 
> Someone having database-level admin access only has it on that database, even if it's
the main application database. Only a server admin can create a new database.
> 
> Some sort of privilege escalation is necessary, I guess. Maybe have a server-side script
that can be triggered by main-application database admins, that has a stored set of server
admin credentials and can create the database for them.
> 
>> The second question is how to access the database ACL. I have found that it's stored
at dbasename/_security but haven't found any documentation about an API to it. Is there one?
> 
> See here: http://wiki.apache.org/couchdb/Complete_HTTP_API_Reference
> 
> I'm guessing it's just GET or PUT in its entirety.
> [ Hmm - how are race conditions resolved on _security? :-) ]
> 
> 
> Hope that helps,
> -Patrick


Mime
View raw message