Return-Path: X-Original-To: apmail-couchdb-user-archive@www.apache.org Delivered-To: apmail-couchdb-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 1DEDA4E9F for ; Mon, 11 Jul 2011 06:37:15 +0000 (UTC) Received: (qmail 69207 invoked by uid 500); 11 Jul 2011 06:37:09 -0000 Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org Received: (qmail 69131 invoked by uid 500); 11 Jul 2011 06:36:50 -0000 Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@couchdb.apache.org Delivered-To: mailing list user@couchdb.apache.org Received: (qmail 69109 invoked by uid 99); 11 Jul 2011 06:36:46 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 11 Jul 2011 06:36:46 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of maxosmail@gmail.com designates 209.85.220.180 as permitted sender) Received: from [209.85.220.180] (HELO mail-vx0-f180.google.com) (209.85.220.180) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 11 Jul 2011 06:36:41 +0000 Received: by vxd7 with SMTP id 7so3717802vxd.11 for ; Sun, 10 Jul 2011 23:36:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:content-type; bh=4ugy7RNPLxj1ZXLzvHoBK2sUvRThj+wlOL4OBurHdIA=; b=e8nuO0OiGvfi2l3WQYqzNCOf1leQCbTC1Gk0o+c3MaFttuLpXLEX2Z98wl+Ugv4NMX 4AY6gFFcYrcoCkGGIhdFwOOR2gwJ5pNh3f/NJ+K274yy/gWQA0s/m2DeS3uJjKyVvvvU 816snCz39PFF64jGLxQTq/Ue1MApC235MeOk4= Received: by 10.52.117.132 with SMTP id ke4mr1880330vdb.520.1310366180040; Sun, 10 Jul 2011 23:36:20 -0700 (PDT) MIME-Version: 1.0 Sender: maxosmail@gmail.com Received: by 10.52.113.2 with HTTP; Sun, 10 Jul 2011 23:36:00 -0700 (PDT) In-Reply-To: References: From: Max Ogden Date: Sun, 10 Jul 2011 23:36:00 -0700 X-Google-Sender-Auth: PGbuH3xkp-3OrhSSDpriYmijIjs Message-ID: Subject: Re: no 'writers' section in _security killing me To: user@couchdb.apache.org Content-Type: multipart/alternative; boundary=bcaec54859d2afdfa504a7c566ea --bcaec54859d2afdfa504a7c566ea Content-Type: text/plain; charset=UTF-8 I'd recommend reading http://blog.couchbase.com/whats-new-in-couchdb-1-0-part-4-securityn-stufffor an overview of the couch security model On Sun, Jul 10, 2011 at 11:30 PM, Marcello Nuccio wrote: > 2011/7/11 Jonathan Geddes : > >> Fortunately, users with write access are not admins. They may not > >> modify design documents. All of their changes are subject to design > >> documents' validate_doc_update() function. > > > > I would be *overjoyed* to hear that you are right and the documentation > at > > [0] is wrong: > >> database admins - Defined per database. They have all the privileges > > readers have plus the privileges: write (and edit) design documents, > > add/remove database admins and readers, set the database revisions limit > > > > (/somedb/_revs_limit API) and execute temporary views against the > database > > (/somedb/_temp_view API). They can not create a database and neither > delete > > a database. > > "Users with write access", are users authorized by the > validation_doc_update functions in the design documents of the > database: > > http://guide.couchdb.org/draft/security.html#validation > > Marcello > --bcaec54859d2afdfa504a7c566ea--