From: Jens Alfke
To: "user@couchdb.apache.org"
Date: Thu, 28 Jun 2012 13:29:14 -0700
Subject: Re: Reader ACLs

On Jun 27, 2012, at 10:32 AM, Wordit wrote:

> Do I understand correctly that the central database would need to be
> managed by admin, which would require a server layer and a locked down
> central database?

Yes.

> Admin would check each user's "share lists" and then replicate
> documents to user databases. Does that sound right?

Yes, although this checking and replication isn't really part of the central database. It can be done by any external code that has read access to the admin db and admin access to the user dbs. So for example you could have all the databases on a shared host like IrisCouch, and run a script somewhere else (maybe Amazon EC2) that listens on the main database's _changes feed and does the necessary propagation.

Or, somewhat equivalently, you could configure the user databases with a persistent continuous filtered replication from the master (this replication would just need saved credentials that give it access to the master.)

—Jens
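
The filtered-replication variant described in the message above, as an added example that is not part of the original message: a filter function for the master's design document, and the `_replicator` document that pulls matching documents into one user's database. The `shared_with` field, the `sharing/by_user` filter name, the `userdb-` prefix and the URL passed in are assumptions.

```javascript
// Added example. Assumed names: the shared_with field, the design doc
// "sharing", the filter "by_user", the "userdb-" prefix and all URLs.

// Filter for the master's design document. CouchDB calls it for every changed
// document; the replication's query_params arrive in req.query.
var byUser = function (doc, req) {
  var user = req && req.query && req.query.user;
  if (typeof user !== 'string' || user === '') return false; // fail closed
  if (String(doc._id).indexOf('_design/') === 0) return false;
  if (!Array.isArray(doc.shared_with)) return false; // also skips bare tombstones
  return doc.shared_with.indexOf(user) !== -1;
};

// Design document to store in the master database.
function designDoc() {
  return { _id: '_design/sharing', filters: { by_user: byUser.toString() } };
}

// Document for the _replicator database on the user-database side.
// masterUrl carries the saved credentials that can read the master.
function replicationDoc(user, masterUrl) {
  if (!/^[a-z][a-z0-9_-]*$/.test(user)) throw new Error('invalid user name');
  return {
    _id: 'pull-shared-' + user,
    source: masterUrl,
    target: 'userdb-' + user,
    continuous: true,
    filter: 'sharing/by_user',
    query_params: { user: user }
  };
}

// Constructed sample documents standing in for the central database.
var SAMPLE_DOCS = [
  { _id: 'note-1', shared_with: ['alice', 'bob'] },
  { _id: 'note-2', shared_with: ['bob'] },
  { _id: 'note-3' },                                  // no share list
  { _id: 'note-4', _deleted: true },                  // bare tombstone
  { _id: '_design/sharing', shared_with: ['alice'] }  // never replicated
];

// IDs the filter would let through for one user.
function idsFor(user) {
  return SAMPLE_DOCS.filter(function (d) {
    return byUser(d, { query: { user: user } });
  }).map(function (d) { return d._id; });
}

console.log(idsFor('alice'), idsFor('bob'));
```

The filter only selects what is copied: the credentials in `source` can still read the whole master, so the `_replicator` document has to live where users cannot read it. A document later removed from a user's share list stops receiving updates but is not deleted from that user's database.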