From: Zachary Zolton
Date: Thu, 4 Nov 2010 08:51:56 -0500
Subject: Re: Privacy Features in CouchDB
To: user@couchdb.apache.org

Richard,

The easiest way to do this would be to keep your sets of data, needing different permissions, in separate databases. After creating each database, you'll need to set the "readers" list in the _security object to include the two users who can view that data.

Next for the admins, come up with a name for their role (i.e. SYSTEM_NAME-admin) and add it to the "roles" array in each of their user docs. Then make sure you add that role name to the _security object for each database you create as well.

Here's a pretty good overview:
http://blog.couchone.com/post/1027100082/whats-new-in-couchdb-1-0-part-4-securityn-stuff

Cheers,

Zach

On Tue, Nov 2, 2010 at 7:57 PM, Richard Metzler wrote:
> Hi,
>
> currently I'm evaluating to use CouchDB for a new project. The project has
> strong privacy requirements such as certain resources should be viewable by
> exactly 2 users and all admins.
>
> Is this possible to implement?
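
The setup described in this reply, as an added example that is not part of the original message or CouchDB's own code: it builds the `_security` body and user docs and models the read check, including the case where a database with empty "readers" lists is readable by anyone. The user names, the role name `myapp-admin`, and putting the admin role under `readers.roles` are assumptions; `can_read` is a simplified model of the server's behaviour.

```python
import json

ADMIN_ROLE = "myapp-admin"  # hypothetical name, following the SYSTEM_NAME-admin pattern


def security_object(reader_names, reader_roles):
    """Body for PUT /<db>/_security (CouchDB 1.0 calls the section "readers")."""
    return {
        "admins": {"names": [], "roles": []},
        "readers": {"names": sorted(reader_names), "roles": sorted(reader_roles)},
    }


def user_doc(name, roles):
    """Minimal _users document; password fields are omitted from this sketch."""
    return {"_id": "org.couchdb.user:" + name, "type": "user",
            "name": name, "roles": list(roles)}


def can_read(security, user):
    """Simplified model of the per-database read check."""
    readers, admins = security["readers"], security["admins"]
    if not readers["names"] and not readers["roles"]:
        return True  # no readers configured: the database is public
    roles = set(user["roles"])
    if "_admin" in roles:  # server admins can always read
        return True
    for section in (readers, admins):
        if user["name"] in section["names"] or roles & set(section["roles"]):
            return True
    return False


# Constructed sample data: one database shared by exactly two users plus admins.
alice = user_doc("alice", [])
bob = user_doc("bob", [])
carol = user_doc("carol", [])            # ordinary user, not a reader
dave = user_doc("dave", [ADMIN_ROLE])    # application admin
shared_ab = security_object(["alice", "bob"], [ADMIN_ROLE])
unconfigured = security_object([], [])   # database created, _security never set

if __name__ == "__main__":
    print(json.dumps(shared_ab, indent=2))
    for u in (alice, bob, carol, dave):
        print(u["name"], can_read(shared_ab, u))
    print("carol on unconfigured db:", can_read(unconfigured, carol))
```

A new database starts with empty lists, so the `_security` object has to be written before any private document goes in.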