incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Herman Chan <herman...@gmail.com>
Subject Re: newbie question - how to manage groups of users <-> databases in couchdb
Date Wed, 13 Jun 2012 22:00:10 GMT
cool, i believe you mean readers instead of members.

I guess I'll need another document store in the main database to keep track
of which user have access to with database, or is there a way to transverse
all database in the server to see which database a particular user has
access to?


On Wed, Jun 13, 2012 at 5:30 PM, Ryan Ramage <ryan.ramage@gmail.com> wrote:

> Your model of one db per 'board' is correct. To limit users, you can
> use the /db/_security object.
>
> see here:
> http://wiki.apache.org/couchdb/Security_Features_Overview#Authorization
>
> Basically, looks like this:
>
> {
>  "admins" : {
>     "names" : ["joe", "phil"],
>     "roles" : ["boss"]
>   },
>   "members" : {
>     "names" : ["dave", "bill"],
>     "roles" : []
>   }
> }
>
> Basically, put all the usernames of those you want access to the board
> in the members names.
>
> Just to be clear...this is for each db inside you can do this, which
> seems to support what you are trying to do.
>
>
> On Wed, Jun 13, 2012 at 1:52 PM, Herman Chan <hermanccw@gmail.com> wrote:
> > Hi all,
> >
> > I am new to couchdb so bear with me if this is really easy.
> >
> > I am trying to prototype a system where there is group of user who can
> > share everything within a database to each other. For example, think of a
> > message board system that once a user is allow into a particular board,
> > they can view/update/delete anything in that message board. Also, a user
> > can join multiple boards.
> >
> > From what I read so far, the way I am thinking to achieve this is to have
> > multiple database within the couchdb server. Each database represents a
> > board and since board doesn't need to talk to each other, this give a
> nice
> > separation between boards.
> >
> > My question is about user authorization. I know that I can create user in
> > couchdb and assign them ACL within one "database", but is there a way in
> > couchdb that it controls user access in a "database" level? ie. which
> > database can a user read/write/update?
> >
> > the only way I see now is to have another table in a "application"
> database
> > can control user access, basically a mapping from user to database.
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message